[webapps] FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

[webapps] Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)

Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)

[remote] Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

[local] Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

[webapps] Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

[webapps] Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

[webapps] ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)

[webapps] Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

[local] AspEmail v5.6.0.2 - Local Privilege Escalation

AspEmail v5.6.0.2 - Local Privilege Escalation

[webapps] Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)

[webapps] GDidees CMS 3.9.1 - Local File Disclosure

GDidees CMS 3.9.1 - Local File Disclosure

[webapps] Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)

Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)

[local] File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

[webapps] Serendipity 2.4.0 - Cross-Site Scripting (XSS)

Serendipity 2.4.0 - Cross-Site Scripting (XSS)

[webapps] Bang Resto v1.0 - 'Multiple' SQL Injection

Bang Resto v1.0 - 'Multiple' SQL Injection

[remote] Franklin Fueling Systems TS-550 - Default Password

Franklin Fueling Systems TS-550 - Default Password

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset

[webapps] Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery

Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP

Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP

[local] Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)

Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)

[webapps] Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password

Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password

[webapps] InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

[remote] Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation

Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation

[webapps] Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

[webapps] Bludit 4.0.0-rc-2 - Account takeover

Bludit 4.0.0-rc-2 - Account takeover

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure

Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation

Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation

[dos] Paradox Security Systems IPR512 - Denial Of Service

Paradox Security Systems IPR512 - Denial Of Service

[local] Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing

Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing

[webapps] ever gauzy v0.281.9 - JWT weak HMAC secret

ever gauzy v0.281.9 - JWT weak HMAC secret

[webapps] Roxy Fileman 1.4.5 - Arbitrary File Upload

Roxy Fileman 1.4.5 - Arbitrary File Upload

[webapps] Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)

Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)

[webapps] BrainyCP V1.0 - Remote Code Execution

BrainyCP V1.0 - Remote Code Execution

[dos] Microsoft Windows 11 - 'cmd.exe' Denial of Service

Microsoft Windows 11 - 'cmd.exe' Denial of Service

[webapps] Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)

Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)

[webapps] Restaurant Management System 1.0 - SQL Injection

Restaurant Management System 1.0 - SQL Injection

[webapps] Suprema BioStar 2 v2.8.16 - SQL Injection

Suprema BioStar 2 v2.8.16 - SQL Injection

[webapps] Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

[webapps] Adobe Connect 11.4.5 - Local File Disclosure

Adobe Connect 11.4.5 - Local File Disclosure

[remote] Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

[webapps] Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

[webapps] Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

[webapps] X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)

X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

[local] Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation

[webapps] WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)

[webapps] Icinga Web 2.10 - Arbitrary File Disclosure

Icinga Web 2.10 - Arbitrary File Disclosure

[local] ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

[webapps] Medicine Tracker System v1.0 - Sql Injection

Medicine Tracker System v1.0 - Sql Injection

[webapps] dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

[local] ActFax 10.10 - Unquoted Path Services

ActFax 10.10 - Unquoted Path Services

[dos] FortiRecorder 6.4.3 - Denial of Service

FortiRecorder 6.4.3 - Denial of Service

[webapps] X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)

X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)

[local] RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

[webapps] Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)

Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)

[webapps] ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)

ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)

[local] Lucee Scheduled Job v1.0 - Command Execution

Lucee Scheduled Job v1.0 - Command Execution

[webapps] Altenergy Power Control Software C1.2.5 - OS command injection

Altenergy Power Control Software C1.2.5 - OS command injection

[local] Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)

Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)