Vunr

11in1 CMS 1.2.1 - Local File Inclusion (LFI) CVE-2012-0996
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting CVE-2012-4273
404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection CVE-2015-9323
74cms - ajax_common.php SQL Injection CVE-2020-22209
74cms - ajax_officebuilding.php SQL Injection CVE-2020-22210
74cms - ajax_street.php 'key' SQL Injection CVE-2020-22211
74cms - ajax_street.php 'x' SQL Injection CVE-2020-22208
ACME mini_httpd <1.30 - Local File Inclusion CVE-2018-18778
Acrolinx Server <5.2.5 - Local File Inclusion CVE-2018-7719
ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting CVE-2014-4513
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure CVE-2015-0554
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting CVE-2018-19877
Adminimize 1.7.22 - Cross-Site Scripting CVE-2011-4926
Adobe AEM Dispatcher <4.15 - Rules Bypass CVE-2016-0957
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI CVE-2010-2861
Adobe Coldfusion <=8.0.1 - Cross-Site Scripting CVE-2009-1872
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution CVE-2018-15961
Adobe Experience Manager - Expression Language Injection CVE-2019-16469
Adobe Experience Manager - XML External Entity Injection CVE-2019-8086
AdPush < 1.44 - Cross-Site Scripting CVE-2017-18487
Advanced Comment System 1.0 - Local File Inclusion CVE-2020-35598
Advanced Text Widget < 2.0.2 - Cross-Site Scripting CVE-2011-4618
Agentejo Cockpit 0.10.2 - Cross-Site Scripting CVE-2020-14408
Agentejo Cockpit < 0.11.2 - NoSQL Injection CVE-2020-35846
Agentejo Cockpit <0.11.2 - NoSQL Injection CVE-2020-35847
Agentejo Cockpit <0.12.0 - NoSQL Injection CVE-2020-35848
Airflow Experimental <1.10.11 - REST API Auth Bypass CVE-2020-13927
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure CVE-2020-27361
Alcatel-Lucent OmniPCX - Remote Command Execution CVE-2007-3010
Alert Before Your Post <= 0.1.1 - Cross-Site Scripting CVE-2011-5107
Alerta < 8.1.0 - Authentication Bypass CVE-2020-26214
Alfresco Share - Open Redirect CVE-2019-14223
Allied Telesis AT-GS950/8 - Local File Inclusion CVE-2019-18922
Amcrest IP Camera Web Management - Data Exposure CVE-2017-8229
Anchor CMS 0.12.3 - Error Log Exposure CVE-2018-7251
Apache ActiveMQ Fileserver - Arbitrary File Write CVE-2016-3088
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting CVE-2018-8006
Apache Airflow <=1.10.10 - Remote Code Execution CVE-2020-11978
Apache Airflow <1.10.14 - Authentication Bypass CVE-2020-17526
Apache APISIX - Insufficiently Protected Credentials CVE-2020-13945
Apache Axis2 Default Login CVE-2010-0219
Apache Cocoon 2.1.12 - XML Injection CVE-2020-11991
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation CVE-2017-12635
Apache Flink 1.5.1 - Local File Inclusion CVE-2020-17518
Apache Flink - Local File Inclusion CVE-2020-17519
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting CVE-2019-10092
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect CVE-2019-10098
Apache httpd <=2.4.29 - Arbitrary File Upload CVE-2017-15715
Apache Kylin 3.0.1 - Command Injection Vulnerability CVE-2020-1956
Apache Kylin - Exposed Configuration File CVE-2020-13937
Apache mod_userdir CRLF injection CVE-2016-4975
Apache OFBiz 16.11.04 - XML Entity Injection CVE-2018-8033
Apache OFBiz <=16.11.07 - Cross-Site Scripting CVE-2020-1943
Apache S2-032 Struts - Remote Code Execution CVE-2016-3081
Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability CVE-2016-4437
Apache Solr DataImportHandler <8.2.0 - Remote Code Execution CVE-2019-0193
Apache Solr <= 7.1 - XML Entity Injection CVE-2017-12629
Apache Solr <=8.3.1 - Remote Code Execution CVE-2019-17558
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251
Apache Struts 2 - Remote Command Execution CVE-2017-5638
Apache Struts 2.0.0-2.5.25 - Remote Code Execution CVE-2020-17530
Apache Struts <2.3.1.1 - Remote Code Execution CVE-2012-0394
Apache Struts <=2.5.20 - Remote Code Execution CVE-2019-0230
Apache Struts - Multiple Open Redirection Vulnerabilities CVE-2013-2248
Apache Struts2 S2-008 RCE CVE-2012-0392
Apache Struts2 S2-012 RCE CVE-2013-1965
Apache Struts2 S2-052 - Remote Code Execution CVE-2017-9805
Apache Struts2 S2-053 - Remote Code Execution CVE-2017-12611
Apache Struts2 S2-053 - Remote Code Execution CVE-2017-9791
Apache Struts2 S2-057 - Remote Code Execution CVE-2018-11776
Apache Tika <1.1.8- Header Command Injection CVE-2018-1335
Apache Tomcat - Cross-Site Scripting CVE-2019-0221
Apache Tomcat JK Connect <=1.2.44 - Manager Access CVE-2018-11759
Apache Tomcat - Open Redirect CVE-2018-11784
Apache Tomcat - Remote Code Execution CVE-2017-12617
Apache Tomcat Servers - Remote Code Execution CVE-2017-12615
Apache Unomi <1.5.2 - Remote Code Execution CVE-2020-13942
AppServ Open Project <=2.5.10 - Cross-Site Scripting CVE-2008-2398
AppWeb - Authentication Bypass CVE-2018-8715
Aptana Jaxer 1.0.3.4547 - Local File inclusion CVE-2019-14312
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion CVE-2018-15745
Artica Pandora FMS 7.44 - Remote Code Execution CVE-2020-13851
Artica Proxy Community Edition <4.30.000000 - Local File Inclusion CVE-2020-13158
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection CVE-2020-17506
Artica Web Proxy 4.30 - OS Command Injection CVE-2020-17505
Aruba Airwave <8.2.3.1 - Cross-Site Scripting CVE-2016-8527
Aryanic HighMail (High CMS) - Cross-Site Scripting CVE-2020-23517
Atlassian Confluence Download Attachments - Remote Code Execution CVE-2019-3398
Atlassian Confluence <5.8.17 - Information Disclosure CVE-2015-8399
Atlassian Confluence Server - Path Traversal CVE-2019-3396
Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution CVE-2019-11580
Atlassian Jira Confluence - Cross-Site Scripting CVE-2018-5230
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery CVE-2017-9506
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization CVE-2019-3401
Atlassian Jira Server-Side Template Injection CVE-2019-11581
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure CVE-2020-14179
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting CVE-2018-20824
AudioCodes 420HD - Remote Code Execution CVE-2018-10093
Autonomy Ultraseek - Open Redirect CVE-2009-0347
AvantFAX 3.3.3 - Cross-Site Scripting CVE-2017-18024
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting CVE-2012-4547
AWStats < 6.95 - Open Redirect CVE-2009-5020
Axigen Mail Server Filename Directory Traversal CVE-2012-4940
AxxonSoft Axxon Next - Local File Inclusion CVE-2018-7467
b2evolution CMS <6.11.6 - Open Redirect CVE-2020-22840
Babel - Open Redirect CVE-2019-1010290
Barco/AWIND OEM Presentation Platform - Remote Command Injection CVE-2019-3929
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution CVE-2020-35713
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal CVE-2014-2962
BestWebSoft's Twitter < 2.55 - Cross-Site Scripting CVE-2017-18505
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting CVE-2018-16139
Bitrix24 <=20.0.0 - Cross-Site Scripting CVE-2020-13483
BlogEngine.NET 3.3.7.0 - Local File Inclusion CVE-2019-10717
BOA Web Server 0.94.14 - Arbitrary File Access CVE-2017-9833
Bonita BPM Portal <6.5.3 - Local File Inclusion CVE-2015-3897
Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting CVE-2016-10973
Camtron CMNC-200 IP Camera - Directory Traversal CVE-2010-4231
Car Rental Management System 1.0 - Local File Inclusion CVE-2020-29227
Carel pCOWeb <B1.2.4 - Cross-Site Scripting CVE-2019-11370
Centos Web Panel 0.9.8.480 - Local File Inclusion CVE-2018-18323
cgit < 1.2.1 - Directory Traversal CVE-2018-14912
Cherokee HTTPD <=0.5 - Cross-Site Scripting CVE-2006-1681
Chyrp 2.x - Local File Inclusion CVE-2011-2744
Chyrp 2.x - Local File Inclusion CVE-2011-2780
CirCarLife <4.3 - Improper Authentication CVE-2018-16668
CirCarLife <4.3 - Improper Authentication CVE-2018-16670
CirCarLife <4.3 - Improper Authentication CVE-2018-16671
CirCarLife Scada <4.3 - System Log Exposure CVE-2018-12634
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion CVE-2020-3452
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal CVE-2020-3187
Cisco ASA - Local File Inclusion CVE-2018-0296
Cisco ASA/FTD Software - Cross-Site Scripting CVE-2020-3580
Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal CVE-2011-3315
Cisco IOS HTTP Configuration - Authentication Bypass CVE-2001-0537
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion CVE-2009-1558
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution CVE-2019-1821
Cisco RV110W RV130W RV215W Router - Information leakage CVE-2019-1898
Cisco RV132W/RV134W Router - Information Disclosure CVE-2018-0127
Cisco SD-WAN vManage Software - Local File Inclusion CVE-2020-26073
Cisco Small Business 200,300 and 500 Series Switches - Open Redirect CVE-2019-1943
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure CVE-2019-1653
Cisco Unified Communications Manager 7/8/9 - Directory Traversal CVE-2013-5528
Cisco Unified IP Conference Station 7937G - Denial-of-Service CVE-2020-16139
Citrix ADC and Gateway - Directory Traversal CVE-2019-19781
Citrix SD-WAN Center - Local File Inclusion CVE-2019-12990
Citrix SD-WAN Center - Remote Command Injection CVE-2019-12985
Citrix SD-WAN Center - Remote Command Injection CVE-2019-12986
Citrix SD-WAN Center - Remote Command Injection CVE-2019-12987
Citrix SD-WAN Center - Remote Command Injection CVE-2019-12988
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting CVE-2011-5181
CMSimple 3.1 - Local File Inclusion CVE-2008-2650
Cobbler - Authentication Bypass CVE-2018-1000226
Cobub Razor 0.8.0 - Information Disclosure CVE-2018-8770
Cofax <=2.0RC3 - Cross-Site Scripting CVE-2005-4385
Combodo iTop <2.2.0-2459 - Cross-Site Scripting CVE-2015-6544
Commvault CommCell - Local File Inclusion CVE-2020-25780
Comodo Unified Threat Management Web Console - Remote Code Execution CVE-2018-17431
Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting CVE-2017-18491
Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting CVE-2017-18490
Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting CVE-2017-18492
Contentful <=2020-05-21 - Cross-Site Scripting CVE-2020-13258
CouchCMS <= 2.0 - Path Disclosure CVE-2018-7662
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access CVE-2012-0896
CSE Bookstore 1.0 - SQL Injection CVE-2020-36112
Custom 404 Pro < 3.2.8 - Cross-Site Scripting CVE-2019-14789
Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting CVE-2017-18493
Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting CVE-2017-18494
Cute Editor for ASP.NET 6.4 - Cross-Site Scripting CVE-2020-24903
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion CVE-2018-16133
D-Link Central WifiManager - Server-Side Request Forgery CVE-2018-15517
D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure CVE-2020-25078
D-Link DIR-600M - Authentication Bypass CVE-2019-13101
D-Link DIR-816L 2.x - Cross-Site Scripting CVE-2020-15895
D-Link DIR-868L/817LW - Information Disclosure CVE-2019-17506
D-Link DNS-320 - Remote Code Execution CVE-2019-16057
D-Link DNS-320 - Unauthenticated Remote Code Execution CVE-2020-25506
D-Link DSL 2888a - Authentication Bypass/Remote Command Execution CVE-2020-24579
D-Link DVG-N5402SP - Local File Inclusion CVE-2015-7245
D-Link Routers - Local File Inclusion CVE-2018-10822
D-Link Routers - Remote Code Execution CVE-2019-16920
D-Link Routers - Remote Command Injection CVE-2018-10823
D-Link - Unauthenticated Remote Code Execution CVE-2018-6530
Dahua Security - Configuration File Disclosure CVE-2017-7925
Dasan GPON Devices - Remote Code Execution CVE-2018-10562
DataTaker DT80 dEX 1.50.012 - Information Disclosure CVE-2017-11165
Debug Endpoint pprof - Exposure Detection CVE-2019-11248
DedeCMS 5.7 - Path Disclosure CVE-2018-6910
DedeCMS 5.7 SP2 - Cross-Site Scripting CVE-2018-18608
DedeCMS 5.7 - SQL Injection CVE-2017-17731
DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution CVE-2018-7700
Dell iDRAC7/8 Devices - Remote Code Injection CVE-2018-1207
Deltek Maconomy 2.2.5 - Local File Inclusion CVE-2019-12314
Devalcms 1.4a - Cross-Site Scripting CVE-2008-6982
Django Debug Page - Cross-Site Scripting CVE-2017-12794
Django - Open Redirect CVE-2018-14574
DokuWiki - Cross-Site Scripting CVE-2017-12583
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities CVE-2012-1226
Dolibarr <7.0.2 - Cross-Site Scripting CVE-2018-10095
DomainMOD 4.11.01 - Cross-Site Scripting CVE-2018-1000856

11in1 CMS 1.2.1 - Local File Inclusion (LFI) CVE-2012-0996

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting CVE-2012-4273

404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection CVE-2015-9323

74cms - ajax_common.php SQL Injection CVE-2020-22209

74cms - ajax_officebuilding.php SQL Injection CVE-2020-22210

74cms - ajax_street.php 'key' SQL Injection CVE-2020-22211

74cms - ajax_street.php 'x' SQL Injection CVE-2020-22208

ACME mini_httpd <1.30 - Local File Inclusion CVE-2018-18778

Acrolinx Server <5.2.5 - Local File Inclusion CVE-2018-7719

ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting CVE-2014-4513

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure CVE-2015-0554

Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting CVE-2018-19877

Adminimize 1.7.22 - Cross-Site Scripting CVE-2011-4926

Adobe AEM Dispatcher <4.15 - Rules Bypass CVE-2016-0957

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI CVE-2010-2861

Adobe Coldfusion <=8.0.1 - Cross-Site Scripting CVE-2009-1872

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution CVE-2018-15961

Adobe Experience Manager - Expression Language Injection CVE-2019-16469

Adobe Experience Manager - XML External Entity Injection CVE-2019-8086

AdPush < 1.44 - Cross-Site Scripting CVE-2017-18487

Advanced Comment System 1.0 - Local File Inclusion CVE-2020-35598

Advanced Text Widget < 2.0.2 - Cross-Site Scripting CVE-2011-4618

Agentejo Cockpit 0.10.2 - Cross-Site Scripting CVE-2020-14408

Agentejo Cockpit < 0.11.2 - NoSQL Injection CVE-2020-35846

Agentejo Cockpit <0.11.2 - NoSQL Injection CVE-2020-35847

Agentejo Cockpit <0.12.0 - NoSQL Injection CVE-2020-35848

Airflow Experimental <1.10.11 - REST API Auth Bypass CVE-2020-13927

Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure CVE-2020-27361

Alcatel-Lucent OmniPCX - Remote Command Execution CVE-2007-3010

Alert Before Your Post <= 0.1.1 - Cross-Site Scripting CVE-2011-5107

Alerta < 8.1.0 - Authentication Bypass CVE-2020-26214

Alfresco Share - Open Redirect CVE-2019-14223

Allied Telesis AT-GS950/8 - Local File Inclusion CVE-2019-18922

Amcrest IP Camera Web Management - Data Exposure CVE-2017-8229

Anchor CMS 0.12.3 - Error Log Exposure CVE-2018-7251

Apache ActiveMQ Fileserver - Arbitrary File Write CVE-2016-3088

Apache ActiveMQ <=5.15.5 - Cross-Site Scripting CVE-2018-8006

Apache Airflow <=1.10.10 - Remote Code Execution CVE-2020-11978

Apache Airflow <1.10.14 - Authentication Bypass CVE-2020-17526

Apache APISIX - Insufficiently Protected Credentials CVE-2020-13945

Apache Axis2 Default Login CVE-2010-0219

Apache Cocoon 2.1.12 - XML Injection CVE-2020-11991

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation CVE-2017-12635

Apache Flink 1.5.1 - Local File Inclusion CVE-2020-17518

Apache Flink - Local File Inclusion CVE-2020-17519

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting CVE-2019-10092

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect CVE-2019-10098

Apache httpd <=2.4.29 - Arbitrary File Upload CVE-2017-15715

Apache Kylin 3.0.1 - Command Injection Vulnerability CVE-2020-1956

Apache Kylin - Exposed Configuration File CVE-2020-13937

Apache mod_userdir CRLF injection CVE-2016-4975

Apache OFBiz 16.11.04 - XML Entity Injection CVE-2018-8033

Apache OFBiz <=16.11.07 - Cross-Site Scripting CVE-2020-1943

Apache S2-032 Struts - Remote Code Execution CVE-2016-3081

Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability CVE-2016-4437

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution CVE-2019-0193

Apache Solr <= 7.1 - XML Entity Injection CVE-2017-12629

Apache Solr <=8.3.1 - Remote Code Execution CVE-2019-17558

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251

Apache Struts 2 - Remote Command Execution CVE-2017-5638

Apache Struts 2.0.0-2.5.25 - Remote Code Execution CVE-2020-17530

Apache Struts <2.3.1.1 - Remote Code Execution CVE-2012-0394

Apache Struts <=2.5.20 - Remote Code Execution CVE-2019-0230

Apache Struts - Multiple Open Redirection Vulnerabilities CVE-2013-2248

Apache Struts2 S2-008 RCE CVE-2012-0392

Apache Struts2 S2-012 RCE CVE-2013-1965

Apache Struts2 S2-052 - Remote Code Execution CVE-2017-9805

Apache Struts2 S2-053 - Remote Code Execution CVE-2017-12611

Apache Struts2 S2-053 - Remote Code Execution CVE-2017-9791

Apache Struts2 S2-057 - Remote Code Execution CVE-2018-11776

Apache Tika <1.1.8- Header Command Injection CVE-2018-1335

Apache Tomcat - Cross-Site Scripting CVE-2019-0221

Apache Tomcat JK Connect <=1.2.44 - Manager Access CVE-2018-11759

Apache Tomcat - Open Redirect CVE-2018-11784

Apache Tomcat - Remote Code Execution CVE-2017-12617

Apache Tomcat Servers - Remote Code Execution CVE-2017-12615

Apache Unomi <1.5.2 - Remote Code Execution CVE-2020-13942

AppServ Open Project <=2.5.10 - Cross-Site Scripting CVE-2008-2398

AppWeb - Authentication Bypass CVE-2018-8715

Aptana Jaxer 1.0.3.4547 - Local File inclusion CVE-2019-14312