reNgine 2.2.0 - Command Injection (Authenticated) | WebApps | Multiple |
NoteMark < 0.13.0 - Stored XSS | WebApps | Multiple |
Gitea 1.22.0 - Stored XSS | WebApps | Multiple |
101 News 1.0 - Multiple-SQLi | WebApps | Multiple |
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read | WebApps | Multiple |
Atlassian Confluence < 8.5.3 - Remote Code Execution | WebApps | Multiple |
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit) | WebApps | Multiple |
Best Student Result Management System v1.0 - Multiple SQLi | WebApps | Multiple |
Blood Bank v1.0 - Multiple SQL Injection | WebApps | Multiple |
Broken Access Control - on NodeBB v3.6.7 | WebApps | Multiple |
changedetection < 0.45.20 - Remote Code Execution (RCE) | WebApps | Multiple |
Computer Laboratory Management System v1.0 - Multiple-SQLi | WebApps | Multiple |
CVE-2023-50071 - Multiple SQL Injection | WebApps | Multiple |
dawa-pharma 1.0-2022 - Multiple-SQLi | WebApps | Multiple |
Easywall 0.3.1 - Authenticated Remote Command Execution | WebApps | Multiple |
FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusions | WebApps | Multiple |
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | WebApps | Multiple |
Human Resource Management System v1.0 - Multiple SQLi | WebApps | Multiple |
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS) | WebApps | Multiple |
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS | WebApps | Multiple |
Ivanti vADC 9.9 - Authentication Bypass | WebApps | Multiple |
Kemp Load Master 7.1.16 - Multiple Vulnerabilities | WebApps | Multiple |
Magento ver. 2.4.6 - XSLT Server Side Injection | WebApps | Multiple |
Nagios XI Version 2024R1.01 - SQL Injection | WebApps | Multiple |
OSGi v3.7.2 (and below) Console - RCE | WebApps | Multiple |
OSGi v3.8-3.18 Console - RCE | WebApps | Multiple |
PHP Shopping Cart 4.2 - Multiple-SQLi | WebApps | Multiple |
SISQUALWFM 7.1.319.103 - Host Header Injection | WebApps | Multiple |
Sitefinity 15.0 - Cross-Site Scripting (XSS) | WebApps | Multiple |
SnipeIT 6.2.1 - Stored Cross Site Scripting | WebApps | Multiple |
SolarWinds Platform 2024.1 SR1 - Race Condition | WebApps | Multiple |
Splunk 9.0.4 - Information Disclosure | WebApps | Multiple |
SuperStoreFinder - Multiple Vulnerabilities | WebApps | Multiple |
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration | WebApps | Multiple |
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities | WebApps | Multiple |
TP-LINK TL-WR740N - Multiple HTML Injection | WebApps | Multiple |
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | WebApps | Multiple |
Wondercms 4.3.2 - XSS to RCE | WebApps | Multiple |
Calibre-web 0.6.21 - Stored XSS | WebApps | Multiple |
xbtitFM 4.1.18 - Multiple Vulnerabilities | WebApps | Multiple |
openSIS 9.1 - SQLi (Authenticated) | WebApps | PHP |
Helpdeskz v2.0.2 - Stored XSS | WebApps | PHP |
101 News 1.0 - Multiple-SQLi | WebApps | PHP |
Academy LMS 6.2 - SQL Injection | WebApps | PHP |
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated) | WebApps | PHP |
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. | WebApps | PHP |
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) | WebApps | PHP |
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | WebApps | PHP |
Akaunting 3.1.8 - Server-Side Template Injection (SSTI) | WebApps | PHP |
Akaunting < 3.1.3 - RCE | WebApps | PHP |
Apache mod_proxy_cluster - Stored XSS | WebApps | PHP |
appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP |
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
Automatic-Systems SOC FL9600 FastLine - Directory Transversal | WebApps | PHP |
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin | WebApps | PHP |
Axigen < 10.5.7 - Persistent Cross-Site Scripting | WebApps | PHP |
Azon Dominator Affiliate Marketing Script - SQL Injection | WebApps | PHP |
Backdrop CMS 1.23.0 - Stored XSS | WebApps | PHP |
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE) | WebApps | PHP |
Bank Locker Management System - SQL Injection | WebApps | PHP |
Best Student Result Management System v1.0 - Multiple SQLi | WebApps | PHP |
Blood Bank 1.0 - 'bid' SQLi | WebApps | PHP |
Blood Bank v1.0 - Multiple SQL Injection | WebApps | PHP |
Blood Bank v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP |
Boelter Blue System Management 1.3 - SQL Injection | WebApps | PHP |
Boss Mini 1.4.0 - local file inclusion | WebApps | PHP |
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection | WebApps | PHP |
Carbon Forum 5.9.0 - Stored XSS | WebApps | PHP |
CE Phoenix v1.0.8.20 - Remote Code Execution | WebApps | PHP |
CE Phoenix Version 1.0.8.20 - Stored XSS | WebApps | PHP |
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
Client Details System 1.0 - SQL Injection | WebApps | PHP |
Clinic Queuing System 1.0 - RCE | WebApps | PHP |
Clinic's Patient Management System 1.0 - Unauthenticated RCE | WebApps | PHP |
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP |
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset | WebApps | PHP |
Computer Laboratory Management System v1.0 - Multiple-SQLi | WebApps | PHP |
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution | WebApps | PHP |
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution | WebApps | PHP |
CSZCMS v1.3.0 - SQL Injection (Authenticated) | WebApps | PHP |
Curfew e-Pass Management System 1.0 - FromDate SQL Injection | WebApps | PHP |
Customer Support System 1.0 - Stored XSS | WebApps | PHP |
CVE-2023-50071 - Multiple SQL Injection | WebApps | PHP |
Daily Expense Manager 1.0 - 'term' SQLi | WebApps | PHP |
Daily Habit Tracker 1.0 - Broken Access Control | WebApps | PHP |
Daily Habit Tracker 1.0 - SQL Injection | WebApps | PHP |
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
DataCube3 v1.0 - Unrestricted file upload 'RCE' | WebApps | PHP |
dawa-pharma 1.0-2022 - Multiple-SQLi | WebApps | PHP |
Discloser 0.0.4-rc2 - 'index.php?more' SQL Injection | WebApps | PHP |
Dotclear 2.29 - Remote Code Execution (RCE) | WebApps | PHP |
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP |
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure | WebApps | PHP |
Elementor Website Builder < 3.12.2 - Admin+ SQLi | WebApps | PHP |
elFinder Web file manager Version - 2.1.53 Remote Command Execution | WebApps | PHP |
ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP |
Employee Management System 1.0 - 'admin_id' SQLi | WebApps | PHP |
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP |
htmlLawed 1.2.5 - Remote Code Execution (RCE) | WebApps | PHP |
HTMLy Version v2.9.6 - Stored XSS | WebApps | PHP |
Human Resource Management System 1.0 - 'employeeid' SQL Injection | WebApps | PHP |
Human Resource Management System v1.0 - Multiple SQLi | WebApps | PHP |
iMLog < 1.307 - Persistent Cross Site Scripting (XSS) | WebApps | PHP |
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS | WebApps | PHP |
JFrog Artifactory < 7.25.4 - Blind SQL Injection | WebApps | PHP |
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) | WebApps | PHP |
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition | WebApps | PHP |
Laravel Framework 11 - Credential Leakage | WebApps | PHP |
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP |
LimeSurvey Community 5.3.32 - Stored XSS | WebApps | PHP |
liveSite Version 2019.1 - Remote Code Execution | WebApps | PHP |
Lost and Found Information System v1.0 - (IDOR) leads to Account Takeover | WebApps | PHP |
Lot Reservation Management System - Unauthenticated File Disclosure | WebApps | PHP |
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution | WebApps | PHP |
Mambo Component pc_cookbook 0.3 - Remote File Inclusion | WebApps | PHP |
Microweber 2.0.15 - Stored XSS | WebApps | PHP |
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure | WebApps | PHP |
MISP 2.4.171 - Stored XSS | WebApps | PHP |
MobileShop master v1.0 - SQL Injection Vuln. | WebApps | PHP |
Monstra CMS 3.0.4 - Remote Code Execution (RCE) | WebApps | PHP |
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter | WebApps | PHP |
Moodle 4.3 - Insecure Direct Object Reference | WebApps | PHP |
Neontext WordPress Plugin - Stored XSS | WebApps | PHP |
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass | WebApps | PHP |
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) | WebApps | PHP |
Online Nurse Hiring System 1.0 - Time-Based SQL Injection | WebApps | PHP |
Online Shopping System Advanced - Sql Injection | WebApps | PHP |
Open Source Medicine Ordering System v1.0 - SQLi | WebApps | PHP |
OpenCart Core 4.0.2.3 - 'search' SQLi | WebApps | PHP |
OpenClinic GA 5.247.01 - Information Disclosure | WebApps | PHP |
OpenClinic GA 5.247.01 - Path Traversal (Authenticated) | WebApps | PHP |
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE) | WebApps | PHP |
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows) | WebApps | PHP |
PHP Shopping Cart 4.2 - Multiple-SQLi | WebApps | PHP |
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit | WebApps | PHP |
PopojiCMS 2.0.1 - Remote Command Execution (RCE) | WebApps | PHP |
PopojiCMS Version 2.0.1 - Remote Command Execution | WebApps | PHP |
Poultry Farm Management System v1.0 - Remote Code Execution (RCE) | WebApps | PHP |
Prison Management System - SQL Injection Authentication Bypass | WebApps | PHP |
Purei CMS 1.0 - SQL Injection | WebApps | PHP |
PyroCMS v3.0.1 - Stored XSS | WebApps | PHP |
Quick.CMS 6.7 - SQL Injection Login Bypass | WebApps | PHP |
Rail Pass Management System 1.0 - Time-Based SQL Injection | WebApps | PHP |
Red Mombin 0.7 - 'index.php' Cross-Site Scripting | WebApps | PHP |
Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting | WebApps | PHP |
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS) | WebApps | PHP |
Savsoft Quiz v6.0 Enterprise - Stored XSS | WebApps | PHP |
Serendipity 2.5.0 - Remote Code Execution (RCE) | WebApps | PHP |
Service Provider Management System v1.0 - SQL Injection | WebApps | PHP |
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal | WebApps | PHP |
Simple Task List 1.0 - 'status' SQLi | WebApps | PHP |
Smart School 6.4.1 - SQL Injection | WebApps | PHP |
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated) | WebApps | PHP |
SPA-CART CMS - Stored XSS | WebApps | PHP |
Stock Management System v1.0 - Unauthenticated SQL Injection | WebApps | PHP |
SuperStoreFinder - Multiple Vulnerabilities | WebApps | PHP |
taskhub 2.8.7 - SQL Injection | WebApps | PHP |
Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi | WebApps | PHP |
Tourism Management System v2.0 - Arbitrary File Upload | WebApps | PHP |
TYPO3 11.5.24 - Path Traversal (Authenticated) | WebApps | PHP |
UPS Network Management Card 4 - Path Traversal | WebApps | PHP |
V-Webmail 1.6.4 - '/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion | WebApps | PHP |
Wallos < 1.11.2 - File Upload RCE | WebApps | PHP |
WBCE 1.6.0 - Unauthenticated SQL injection | WebApps | PHP |
WBCE CMS v1.6.2 - Remote Code Execution (RCE) | WebApps | PHP |
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated) | WebApps | PHP |
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS) | WebApps | PHP |
WEBIGniter v28.7.23 - Stored XSS | WebApps | PHP |
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) | WebApps | PHP |
WordPress Augmented-Reality - Remote Code Execution Unauthenticated | WebApps | PHP |
WordPress File Upload Plugin < 4.23.3 - Stored XSS | WebApps | PHP |
WordPress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated) | WebApps | PHP |
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS) | WebApps | PHP |
WordPress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution | WebApps | PHP |
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE) | WebApps | PHP |
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover | WebApps | PHP |
WordPress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
WordPress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS) | WebApps | PHP |
WordPress Seotheme - Remote Code Execution Unauthenticated | WebApps | PHP |
WordPress Theme Travelscape v1.0.3 - Arbitrary File Upload | WebApps | PHP |
WordPress Theme XStore 9.3.8 - SQLi | WebApps | PHP |
Workout Journal App 1.0 - Stored XSS | WebApps | PHP |
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection | WebApps | PHP |
WP Rocket < 2.10.3 - Local File Inclusion (LFI) | WebApps | PHP |
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated) | WebApps | PHP |
xbtitFM 4.1.18 - Multiple Vulnerabilities | WebApps | PHP |
Xhibiter NFT Marketplace 1.10.2 - SQL Injection | WebApps | PHP |
XMB 1.9.12.06 - Stored XSS | WebApps | PHP |
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting | WebApps | PHP |
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE | WebApps | PHP |
Zoo Management System 1.0 - Unauthenticated RCE | WebApps | PHP |
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. | WebApps | Go |
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) | WebApps | Go |
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | WebApps | Go |
Casdoor < v1.331.0 - '/api/set-password' CSRF | WebApps | Go |
djangorestframework-simplejwt 5.3.1 - Information Disclosure | WebApps | Go |
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | WebApps | Go |
Ladder v0.0.21 - Server-side request forgery (SSRF) | WebApps | Go |
Nokia BMC Log Scanner - Remote Code Execution | WebApps | Go |
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | WebApps | Go |
dizqueTV 1.5.3 - Remote Code Execution (RCE) | WebApps | JSP |
BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE | WebApps | JSP |
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload | WebApps | JSP |
Sitecore - Remote Code Execution v8.2 | WebApps | ASPX |
Numbas < v7.3 - Remote Code Execution | WebApps | NodeJS |
Invesalius3 - Remote Code Execution | WebApps | Python |
Devika v1 - Path Traversal via 'snapshot_path' | WebApps | Python |
djangorestframework-simplejwt 5.3.1 - Information Disclosure | WebApps | Python |
Ray OS v2.6.3 - Command Injection RCE(Unauthorized) | WebApps | Python |
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal | WebApps | Python |
Aurba 501 - Authenticated RCE | WebApps | Linux |
Metabase 0.46.6 - Pre-Auth Remote Code Execution | WebApps | Linux |
Nokia BMC Log Scanner - Remote Code Execution | WebApps | Linux |
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities | WebApps | Linux |
HughesNet HT2000W Satellite Modem - Password Reset | WebApps | Hardware |
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure | WebApps | Hardware |
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass | WebApps | Hardware |
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config | WebApps | Hardware |
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass | WebApps | Hardware |
Aquatronica Control System 5.1.6 - Information Disclosure | WebApps | Hardware |
Check Point Security Gateway - Information Disclosure (Unauthenticated) | WebApps | Hardware |
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE | WebApps | Hardware |
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass | WebApps | Hardware |
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass | WebApps | Hardware |
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure | WebApps | Hardware |
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass | WebApps | Hardware |
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure | WebApps | Hardware |
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure | WebApps | Hardware |
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass | WebApps | Hardware |
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure | WebApps | Hardware |
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | WebApps | Hardware |
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | WebApps | Hardware |
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) | WebApps | Hardware |
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) | WebApps | Hardware |
GLiNet - Router Authentication Bypass | WebApps | Hardware |
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR | WebApps | Hardware |
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS | WebApps | Hardware |
TP-Link TL-WR740N - Buffer Overflow 'DOS' | WebApps | Hardware |
TP-LINK TL-WR740N - Multiple HTML Injection | WebApps | Hardware |
TP-Link TL-WR740N - UnAuthenticated Directory Transversal | WebApps | Hardware |
Apache OFBiz 18.12.12 - Directory Traversal | WebApps | Java |
Jenkins 2.441 - Local File Inclusion | WebApps | Java |
Karaf v4.4.3 Console - RCE | WebApps | Java |
Flowise 1.6.5 - Authentication Bypass | WebApps | TypeScript |
Windows TCP/IP - RCE Checker and Denial of Service | DoS | Windows |
XAMPP - Buffer Overflow POC | DoS | Windows |
Elasticsearch - StackOverflow DoS | DoS | Multiple |
LibTiff 3.x - Multiple Denial of Service Vulnerabilities | DoS | Multiple |
OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service | DoS | Multiple |
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' | DoS | Multiple |
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | DoS | Hardware |
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service | DoS | Hardware |
TP-Link TL-WR740N - Buffer Overflow 'DOS' | DoS | Hardware |
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | DoS | Hardware |
7 Sticky Notes v1.9 - OS Command Injection | Local | Windows |
AnyDesk 7.0.15 - Unquoted Service Path | Local | Windows |
ASUS Control Center Express 01.06.15 - Unquoted Service Path | Local | Windows |
Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation | Local | Windows |
ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path | Local | Windows |
Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path | Local | Windows |
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow | Local | Windows |
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow | Local | Windows |
KiTTY 0.76.1.13 - Command Injection | Local | Windows |
LaborOfficeFree 19.10 - MySQL Root Password Calculator | Local | Windows |
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation | Local | Windows |
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G | Local | Windows |
Microsoft Windows Defender - VBScript Detection Bypass | Local | Windows |
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass | Local | Windows |
Microsoft Windows Defender Bypass - Detection Mitigation Bypass | Local | Windows |
MuPDF < 20091125231942 - 'pdf_shade4.c' Multiple Stack Buffer Overflows | Local | Windows |
Oracle Database 12c Release 1 - Unquoted Service Path | Local | Windows |
Plantronics Hub 3.25.1 - Arbitrary File Read | Local | Windows |
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path | Local | Windows |
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path | Local | Windows |
Terratec dmx_6fire USB - Unquoted Service Path | Local | Windows |
Typora v1.7.4 - OS Command Injection | Local | Windows |
Windows PowerShell - Event Log Bypass Single Quote Code Execution | Local | Windows |
Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow | Local | Windows |
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation | Local | Windows |
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes] | Local | Linux |
Dell Security Management Server <1.9.0 - Local Privilege Escalation | Local | Linux |
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc | Local | Multiple |
MuPDF < 20091125231942 - 'pdf_shade4.c' Multiple Stack Buffer Overflows | Local | Multiple |
PrusaSlicer 2.6.1 - Arbitrary code execution | Local | Multiple |
vm2 - sandbox escape | Local | Multiple |
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation | Remote | Linux_x86-64 |
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | Remote | Go |
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation | Remote | Go |
Nokia BMC Log Scanner - Remote Code Execution | Remote | Go |
DS Wireless Communication - Remote Code Execution | Remote | Hardware |
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | Remote | Hardware |
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | Remote | Hardware |
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | Remote | Hardware |
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) | Remote | Hardware |
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) | Remote | Hardware |
GL-iNet MT6000 4.5.5 - Arbitrary File Download | Remote | Hardware |
GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit | Remote | Hardware |
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit | Remote | Hardware |
GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit | Remote | Hardware |
HNAS SMU 14.8.7825 - Information Disclosure | Remote | Hardware |
Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) | Remote | Hardware |
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) | Remote | Hardware |
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption | Remote | Hardware |
Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass | Remote | Hardware |
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure | Remote | Hardware |
Ricoh Printer - Directory and File Exposure | Remote | Hardware |
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE) | Remote | Hardware |
Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure | Remote | Hardware |
SolarView Compact 6.00 - Command Injection | Remote | Hardware |
TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure | Remote | Hardware |
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password | Remote | Hardware |
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection | Remote | Hardware |
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution | Remote | Hardware |
TEM Opera Plus FM Family Transmitter 35.45 - XSRF | Remote | Hardware |
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution | Remote | Hardware |
TPC-110W - Missing Authentication for Critical Function | Remote | Hardware |
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE) | Remote | Hardware |
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | Remote | Hardware |
Zyxel zysh - Format string | Remote | Hardware |
GitLab CE/EE < 16.7.2 - Password Reset | Remote | Java |
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE) | Remote | Java |