qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)

m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)

OpenCart v3.x Newsletter Module - Blind SQLi

Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)

SolarView Compact 6.0 - OS Command Injection

T-Soft E-Commerce 4 - SQLi (Authenticated)

T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)

SDT-CW3B1 1.1.0 - OS Command Injection

TLR-2005KSH - Arbitrary File Delete

Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)

College Management System 1.0 - 'course_code' SQL Injection (Authenticated)

F5 BIG-IP 16.0.x - Remote Code Execution (RCE)

TLR-2005KSH - Arbitrary File Upload

Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)

WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)

Joomla Plugin SexyPolling 2.1.7 - SQLi

WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)

Beehive Forum - Account Takeover

PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)

Explore CMS 1.0 - SQL Injection

DLINK DAP-1620 A1 v1.01 - Directory Traversal

PyScript - Read Remote Python Source Code

Google Chrome 78.0.3904.70 - Remote Code Execution

Tenda HG6 v3.3.0 - Remote Command Injection

Anuko Time Tracker - SQLi (Authenticated)

Apache CouchDB 3.2.1 - Remote Code Execution (RCE)

Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)

ExifTool 12.23 - Arbitrary Code Execution

e107 CMS v3.2.1 - Multiple Vulnerabilities

Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)

Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)

DLINK DIR850 - Open Redirect

DLINK DIR850 - Insecure Access Control

Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)

ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure

Wondershare Dr.Fone 11.4.10 - Insecure File Permissions

TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path

UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path

SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)

CSZ CMS 1.3.0 - 'Multiple' Blind SQLi

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

Bookeen Notea - Directory Traversal

Magento eCommerce CE v2.3.5-p2 - Blind SQLi

WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor

WebTareas 2.4 - Blind SQLi (Authenticated)

Akka HTTP 10.1.14 - Denial of Service

Microfinance Management System 1.0 - 'customer_number' SQLi

ImpressCMS v1.4.4 - Unrestricted File Upload

GitLab 14.9 - Stored Cross-Site Scripting (XSS)

Gitlab 14.9 - Authentication Bypass

EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

PTPublisher v2.3.4 - Unquoted Service Path

Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)

7-zip - Code Execution / Local Privilege Escalation

WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)