webapps

日期	标题	类别	作者
2025-04-19	FoxCMS 1.2.5 – Remote Code Execution (RCE)	webapps	VeryLazyTech
2025-04-19	Drupal 11.x-dev – Full Path Disclosure	webapps	Milad karimi
2025-04-18	Tatsu 3.3.11 – Unauthenticated RCE	webapps	Milad karimi
2025-04-18	Hunk Companion Plugin 1.9.0 – Unauthenticated Plugin Installation	webapps	Jun Takemura
2025-04-18	KiviCare Clinic & Patient Management System (EHR) 3.6.4 – Unauthenticated SQL Injection	webapps	samogod
2025-04-18	UJCMS 9.6.3 – User Enumeration via IDOR	webapps	Cyd Tseng
2025-04-18	Inventio Lite 4 – SQL Injection	webapps	pointedsec
2025-04-18	Apache Commons Text 1.10.0 – Remote Code Execution	webapps	Arjun Chaudhary
2025-04-17	compop.ca 3.5.3 – Arbitrary code Execution	webapps	dmlino
2025-04-17	Blood Bank & Donor Management System 2.4 – CSRF Improper Input Validation	webapps	Kwangyun Keum
2025-04-17	Usermin 2.100 – Username Enumeration	webapps	Kjesper
2025-04-17	Angular-Base64-Upload Library 0.1.21 – Unauthenticated Remote Code Execution (RCE)	webapps	Ravindu Wickramasinghe
2025-04-16	FLIR AX8 1.46.16 – Remote Command Injection	webapps	ub3rsick
2025-04-16	Garage Management System 1.0 (categoriesName) – Stored XSS	webapps	ub3rsick
2025-04-16	phpMyFAQ 3.2.10 – Unintended File Download Triggered by Embedded Frames	webapps	Geo
2025-04-16	Zabbix 7.0.0 – SQL Injection	webapps	m4nb4
2025-04-16	NagVis 1.9.33 – Arbitrary File Read	webapps	xerosec
2025-04-16	phpMyFAQ 3.1.7 – Reflected Cross-Site Scripting (XSS)	webapps	CodeSecLab
2025-04-16	ProConf 6.0 – Insecure Direct Object Reference (IDOR)	webapps	ub3rsick
2025-04-16	Teedy 1.11 – Account Takeover via Stored Cross-Site Scripting (XSS)	webapps	Ayato Shitomi @ Fore-Z co.ltd
2025-04-16	Smart Manager 8.27.0 – Post-Authenticated SQL Injection	webapps	Ivan Spiridonov
2025-04-16	KodExplorer 4.52 – Open Redirect	webapps	Rahad Chowdhury
2025-04-16	Car Rental Project 1.0 – Remote Code Execution	webapps	ub3rsick
2025-04-16	Ethercreative Logs 3.0.3 – Path Traversal	webapps	ub3rsick