Nuclei Templates
Vulnerability
cloud
alibaba
ack
Public Access to ACK Cluster's API Server - Enabled
Cluster Auditing with Simple Log Service - Disabled
Cloud Monitor for ACK Clusters - Disable
ACK Clusters Check - Disable
Enforced Cluster Support for Network Policies - Disabled
Cluster Support for Network Policies - Missing
Kubernetes Dashboard for ACK Clusters - Enabled
actiontrail
Global Service (Multi-Region) Logging - Disabled
ActionTrail Log Buckets - Publicly Exposed
Alibaba Cloud Environment Validation
ecs
OS Patches - Outdated
Encryption for Unattached Disks - Disabled
Encryption for VM Instance Disks - Disabled
Unrestricted - RDP Access
Unrestricted - SSH Access
oss
Access Logging for OSS Buckets - Disabled
Improper Bucket Server-Side Encryption
Limit Network Access to Selected Networks - Disabled
OSS Bucket Public Accessible
Secure Transfer for OSS Buckets - Disabled
Server-Side Encryption with Customer Managed Key - Disabled
Server-Side Encryption with Service Managed Key - Disabled
ram
Custom RAM Policies With Full Administrative Privileges
Maximum Password Retry Constraint Policy - Disabled
MFA For RAM Users With Console Password - Disabled
RAM Password Policy Expiration - Unconfigured
RAM Password Policy requires Minimum Length 14 or Greater
RAM Password Policy requires at least One Lowercase - Unconfigured
RAM Password Policy requires at least One Number - Unconfigured
RAM Password Policy Reuse - Enabled
RAM Password Policy requires at least One Symbol - Unconfigured
RAM Password Policy requires at least One Uppercase - Unconfigured
rds
RDS Encryption in Transit - Disabled
PostgreSQL "log_connections" Parameter - Disabled
PostgreSQL "log_disconnections" Parameter - Disabled
PostgreSQL "log_duration" Parameter - Disabled
Microsoft SQLServer Database Instances - SQL Auditing Disabled
MySQL Database Instances - SQL Auditing Disabled
PostgreSQL Database Instances - SQL Auditing Disabled
RDS Database Instances - SQL Auditing Disabled
Transparent Data Encryption - Disabled
security-center
Scheduled Vulnerability Scan - Disabled
Security Center Notifications - Disabled
Security Center Plan - Disabled
vpc
VPC Flow Log - Disabled
aws
acm
Expired ACM Certificates
ACM Certificates Pre-expiration Renewal
ACM Certificates Pre-expiration Renewal
ACM Certificate Validation Check
Wildcard ACM Certificate Usage
AWS Cloud Environment Validation
cloudformation
CloudFormation Stack Notification - Disabled
CloudFormation Stack Policy - Not In Use
CloudFormation Termination Protection - Disabled
cloudfront
CloudFront Compress Objects Automatically
Cloudfront Custom SSL/TLS Certificates - In Use
CloudFront Geo Restriction - Not Enabled
CloudFront Insecure Origin SSL Protocols
CloudFront Integrated With WAF
Cloudfront Logging Disabled
CloudFront Origin Shield - Not Enabled
CloudFront Security Policy
CloudFront Traffic To Origin Unencrypted
CloudFront Viewer Protocol Policy
cloudtrail
CloudTrail S3 Data Events Logging
CloudTrail Disabled
CloudTrail Duplicate Log Avoidance
CloudTrail Global Events Enablement
CloudTrail CloudWatch Integration
CloudTrail Log Integrity Validation not Enabled
CloudTrail Logs Not Encrypted
CloudTrail MFA Delete
CloudTrail Management Events Logging Not Enabled
Public CloudTrail Buckets
CloudTrail S3 Logging
CloudTrail S3 Object Lock
cloudwatch
CloudWatch Alarm Action Not Set
CloudWatch Alarms Actions Enabled
dms
DMS Multi-AZ Not Enabled
Publicly Accessible DMS Replication Instances
DMS Auto Minor Version Upgrade
ebs
EBS Encryption - Disabled
ec2
Enforce IMDSv2 on EC2 Instances
Public IP on EC2 Instances
Open Egress in EC2 Security Group
Unrestricted Access on Uncommon EC2 Ports
EC2 Unrestricted CIFS Access
Unrestricted DNS Access in EC2
Restrict EC2 FTP Access
Unrestricted HTTP on EC2
Unrestricted HTTPS on EC2
Restrict EC2 ICMP Access
Unrestricted Access to Memcached
Unrestricted MongoDB Access in EC2
Unrestricted Access to SQL on EC2
Unrestricted MySQL Access on EC2
Unrestricted NetBIOS Access in EC2
Unrestricted OpenSearch Access
Unrestricted Oracle DB Access
Unrestricted PostgreSQL Access
Restrict EC2 RDP Access
Unrestricted Redis Access
Unrestricted SMTP Access in EC2
Unrestricted SSH Access in EC2
Restrict EC2 Telnet Access
Publicly Shared AMI
Unencrypted AWS AMI
efs
EFS Encryption - Disabled
elasticache
ElastiCache Automatic Backups - Disabled
ElastiCache Event Notifications - Disabled
ElastiCache Redis In-Transit and At-Rest Encryption - Disabled
ElastiCache Redis Multi-AZ - Disabled
elb
ELB Delete Protection - Disabled
firehose
Firehose Delivery Stream Destination Encryption - Disabled
Firehose Delivery Stream Server-Side Encryption - Disabled
guardduty
Open GuardDuty Findings
GuardDuty Not Enabled
GuardDuty Malware Protection - Disabled
GuardDuty S3 Protection - Disabled
iam
IAM Access Analyzer is not Used
Remove Expired SSL/TLS Certificates in AWS IAM
Overly Permissive IAM Policies
IAM Access Key Rotation - 90-Day Policy
MFA not enabled for AWS IAM Console User
IAM Password Policy Not Configured
MFA not enabled on AWS Root Account
SSH Key Rotation - 90-Day Policy
Unapproved IAM Policy Attachments
Enable Self-Service Password Change for IAM Users
SSL/TLS Certificates in AWS IAM about to expire in 30 days
inspector2
Amazon Inspector 2 - Disabled
rds
Aurora Snapshot Tag Copy
Aurora Cluster Deletion Protection
IAM Database Authentication
RDS Auto Minor Version Upgrade - Disabled
RDS Automated Backups - Disabled
AWS RDS Backtrack - Disabled
RDS Automated Backup Check
RDS Cluster Deletion Protection - Disabled
RDS Copy Tags to Snapshots - Disabled
RDS Deletion Protection
RDS Instance Encryption
RDS Event Notification Absence
RDS Security Group Event Notifications
RDS Event Subscription Not Enabled
RDS General Purpose SSD Usage
RDS Performance Insights - Disabled
RDS Instance Storage AutoScaling - Disabled
RDS Log Exports - Disabled
RDS Multi-AZ - Disabled
RDS Publicly Accessible - Enabled
RDS Public Snapshot Exposure
RDS Instance Private Subnet
RDS RI Payment Failure
RDS Snapshot Encryption
route53
DNS Query Logging for Route 53 Hosted Zones - Disabled
DNSSEC Signing for Route 53 Hosted Zones - Disabled
s3
S3 Bucket - Access Logging Not Enabled
Restrict S3 Buckets FULL_CONTROL Access for Authenticated Users
S3 Bucket Key not enabled
Public Access of S3 Buckets via Policy
S3 Bucket MFA Delete Configuration Check
S3 Bucket with Public READ Access
S3 Bucket with Public READ_ACP Access
S3 Bucket with Public WRITE Access
S3 Bucket with Public WRITE_ACP Access
Server-Side Encryption on Amazon S3 Buckets
S3 Bucket Versioning not Enabled
secrets-manager
Secrets Manager Not In Use
Secret Rotation Interval
Secret Rotation Disabled
sns
Public Subscription Access of SNS Topics via Policy
Public Access of SNS Topics via Policy
sqs
SQS Dead Letter Queue - Disabled
Queue Server Side Encryption - Disabled
SQS Queue Exposed
vpc
Open Inbound NACL Traffic
Unrestricted NACL Outbound Traffic
Managed NAT Gateway Usage
Unrestricted Admin Port Access
Exposed VPC Endpoint
VPC Endpoints Not Deployed
VPC Flow Logs Not Enabled
AWS VPN Tunnel Down
azure
accesscontrol
Azure Subscription Administrator Custom Role Unrestricted Access
Azure Custom Owner Role Available
Azure IAM Role for Resource Locking Not Assigned
activedirectory
Azure Entra ID Guest Users Unmonitored
Azure MFA Not Enabled for All Privileged Users
activitylog
Azure MySQL Database Delete Alert Not Configured
Azure Delete Load Balancer Alert Not Configured
Azure Key Vault Delete Alert Not Configured
Azure Key Vault Update Alert Not Configured
Azure Load Balancer Create or Update Alert Not Configured
Azure MySQL Database Create/Update Alert Not Configured
Azure Network Security Group Create/Update Alert Not Configured
Azure Network Security Group Delete Alert Not Configured
Azure NSG Rule Delete Alert Not Configured
Azure Network Security Group Rule Create/Update Alert Not Configured
Azure Policy Assignment Create Alert Not Configured
Azure Policy Assignment Delete Alert Not Configured
Azure PostgreSQL Database Delete Alert Not Configured
Azure PostgreSQL Database Create/Update Alert Not Configured
Azure Public IP Delete Alert Not Configured
Azure Public IP Create/Update Alert Not Configured
Azure Update Security Policy Alert Not Configured
Azure Security Solution Delete Alert Not Configured
Azure Security Solutions Create/Update Alert Not Configured
Azure SQL Database Rename Alert Not Configured
Azure SQL Database Create/Update Alert Not Configured
Azure SQL Delete Database Alert Not Configured
Azure SQL Server Firewall Rule Create/Update/Delete Alert Not Configured
Azure Storage Account Delete Alert Not Configured
Azure Storage Account Create/Update Alert Not Configured
Azure VM Create/Update Alert Not Configured
Azure Virtual Machine Deallocate Alert Not Configured
Azure Virtual Machine Delete Alert Not Configured
Azure Virtual Machine Power Off Alert Not Configured
aiservices
Azure OpenAI Encryption using Customer-Managed Keys Not Enabled
Azure OpenAI Service Instance Managed Identity Not Used
Azure OpenAI Service Instances Not Using Private Endpoints
Azure OpenAI Public Network Access Not Disabled
aks
Azure AKS API Server Access Unrestricted
Azure AKS Kubernetes API Version Not Latest
Azure AKS Not Using CNI Mode
Azure AKS Microsoft Entra ID Integration Not Configured
Azure AKS Kubernetes Version Not Latest
Use System-Assigned Managed Identities for AKS Clusters
Azure AKS Network Contributor Role Unassigned
Azure AKS Managed Identity Not User-Assigned
Azure AKS RBAC Not Enabled
Azure AKS Encryption at Rest Not Using Private Key Vault
apimanagement
Azure API Management HTTP/2 Support Not Enabled
Azure API Management HTTPS Enforcement Not Configured
Azure API Management Non-Encrypted Named Values Exposure
Azure API Management Public Network Access Disabled with Private Endpoint
Azure API Management Service Resource Logs Not Configured
Azure API Management Service System-Assigned Managed Identity Not Configured
Azure API Management Weak TLS Configured
Azure API Management User-Assigned Managed Identity Not Configured
appservice
Azure App Service Always On Disabled
Azure App Service Authentication Not Enabled
Azure App Service Automated Backup Not Configured
Azure App Service Backup Retention Not Configured
Azure App Service Client Certificate Not Required
Azure App Service Microsoft Entra ID Not Configured
Azure App Service Plain FTP Deployment Disabled
Azure App Service FTPS-Only Access Not Enabled
Azure App Service HTTP/2 Not Enabled
Azure App Service HTTPS-Only Not Enforced
Azure App Service Application Insights Not Enabled
Azure App Service Remote Debugging Enabled
Azure App Service TLS Latest Version Not Configured
Azure Environment Validation
cosmosdb
Azure Cosmos DB Automatic Failover Not Enabled
Azure Cosmos DB Default Network Access Unrestricted
functions
Azure Function Access Keys Configuration
Azure Functions with Admin Privileges
Application Insights Integration for Azure Function Apps
Exposed Azure Functions
System-Assigned Managed Identities for Azure Functions
User-Assigned Managed Identities for Azure Functions
Virtual Network Integration for Azure Functions Not Enabled
keyvault
Customer-Managed Key Not Tagged in Azure App Tier
Customer-Managed Key Not Configured for Azure Database Tier
Enable AuditEvent Logging for Azure Key Vaults
Unapproved Certificate Key Type in Azure Key Vaults
Missing Certificate Transparency in Azure Key Vaults
Check for Sufficient Certificate Auto-Renewal Period
Unrestricted Network Access to Azure Key Vaults
Key Vault Recoverability Not Configured
Missing SSL Certificate Auto-Renewal in Azure Key Vaults
Key Vault Trusted Microsoft Services Access Not Configured
locks
Azure KeyVault Resource Lock Not Enabled
monitor
Diagnostic Logs Not Enabled for Azure Resources
Diagnostic Settings Categories on Azure Resources not configured
Azure Log Profile Missing Critical Activity Categories
Azure Monitor Diagnostic Settings for Subscription Activity Log Export Check
network
Azure Network Watcher Service Not Enabled
Review Network Interfaces with IP Forwarding Enabled
Unrestricted CIFS Access in Azure NSGs
Unrestricted DNS Access in Azure NSGs
Unrestricted FTP Access in Azure NSGs
Unrestricted TCP Port 80 Access in Azure NSGs
Unrestricted HTTPS Access in Azure NSGs
Unrestricted ICMP Access in Azure NSGs
Unrestricted MongoDB Access in Azure NSGs
Unrestricted MS SQL Server Access in Azure NSGs
Unrestricted MySQL Database Access in Azure NSGs
Unrestricted NetBIOS Access in Azure NSGs
Unrestricted Oracle Database Access in Azure NSGs
Unrestricted PostgreSQL Database Access in Azure NSGs
Unrestricted RDP Access in Azure NSGs
Unrestricted RPC Access in Azure NSGs
Unrestricted SMTP Access in Azure NSGs
Unrestricted SSH Access in Azure NSGs
Unrestricted Telnet Access in Azure NSGs
Unrestricted UDP Access in Azure NSGs
Restricted Port Range in Azure NSGs
Azure VNet DDoS Unprotected Check
postgresql
Azure PostgreSQL Access From Azure Services Disabled
Azure PostgreSQL Server Connection Throttling Disabled
Azure PostgreSQL Single Server Double Encryption Not Enabled
Azure PostgreSQL Flexible Server log_checkpoints Disabled
Azure PostgreSQL Log Connections Not Enabled
Azure PostgreSQL Log Disconnections Not Enabled
Azure PostgreSQL Log Duration Not Enabled
Azure PostgreSQL Geo-Redundant Backup Not Enabled
Azure PostgreSQL SSL Enforcement Not Enabled
Azure PostgreSQL Storage Auto-Growth Disabled
redis
Azure Redis Cache In-Transit Encryption Not Enabled
Azure Redis Cache TLS Version Not Latest
search
Azure Search Service Managed Identity Not Enabled
securitycenter
Azure Defender for Cloud Automatic Provisioning Disabled
servicebus
Azure Service Bus Public Network Access Disabled
Azure Service Bus Namespace TLS Version Not Latest
sql
Azure SQL Server Auditing Not Enabled
Azure SQL Failover Groups Not Enabled
Azure SQL MI TDE Not Using Customer-Managed Keys
Azure SQL Managed Instance TLS Version Not Latest
Azure SQL TDE Protector Not Using BYOK
Azure SQL Transparent Data Encryption Not Enabled
Azure SQL Classic VA Emails Unconfigured
storageaccounts
Azure Blob Anonymous Access Disabled
Azure Blob Immutable Storage Not Enabled
Azure Blob Storage Lifecycle Management Not Enabled
Azure Storage Blob Service Logging Not Enabled
Azure Blob Storage Soft Delete Not Enabled
Azure Storage Blob Public Access Not Disabled
Azure Storage Account Not Using BYOK
Azure Storage Account Not Using CMK
Azure Storage Cross-Tenant Replication Disabled
Azure Storage Infrastructure Encryption Not Enabled
Azure Storage Minimum TLS Version Not Set to TLS1_2
Azure Storage Default Network Access Not Restricted
Azure Storage Overly Permissive Stored Access Policies
Azure Storage Private Endpoint Not Configured
Azure Storage Publicly Accessible Web Containers
Azure Storage Queue Logging Not Enabled
Azure Storage Secure Transfer Not Enabled
Azure Storage Static Website Configuration Review
Azure Storage Table Logging Not Enabled
Azure Storage Trusted Microsoft Services Access Disabled
subscriptions
Azure Budget Alerts Not Configured
Azure Policy - Not Allowed Resource Types Policy Assignment Not in Use
synapse
Azure Synapse Analytics SQL Pool Transparent Data Encryption Not Enabled
tags
Azure VM Tags Schema Non-compliant
virtualmachines
Azure App-Tier VM Disk Encryption Not Enabled
Azure Disk Encryption Not Enabled for Unattached Disk Volumes
Azure Unused Load Balancer Check
Azure VM Accelerated Networking Not Enabled
Azure VM Accelerated Networking Not Enabled
Azure VM Boot Diagnostics Not Enabled
Azure VM Boot Disk Not Encrypted
Azure VM Disk Volumes BYOK Encryption Not Enabled
Azure VM Endpoint Protection Not Installed
Azure VM Microsoft Entra ID Authentication Not Enabled
Azure VM Guest-Level Diagnostics Not Enabled
Azure VM Just-In-Time Access Not Enabled
Azure VM Managed Identity Not Assigned
Azure VM Performance Diagnostics Feature Not Enabled
Azure VM SSH Authentication Type Not Using Keys
Azure VM Premium SSD Not Required
Azure VM Trusted Launch Not Enabled
Azure VM Not Using Approved Image
Azure VM Unmanaged Disk Volumes Detected
Azure VM Web-Tier Disk Volumes Not Encrypted
Azure VMSS Automatic OS Upgrade Not Enabled
Azure VMSS Automatic Instance Repairs Not Enabled
Azure Virtual Machine Scale Sets Empty and Unattached
Azure VMSS Health Monitoring Not Enabled
Azure VMSS Load Balancer Unassociated
Azure VMSS Public IP Not Assigned
Azure VMSS Instance Termination Notifications Disabled
Azure VMSS Zone-Redundant Configuration Not Enabled
enum
AWS Apps - Cloud Enumeration
AWS S3 Buckets - Cloud Enumeration
Azure Databases - Cloud Enumeration
Azure Virtual Machines - Cloud Enumeration
Azure Websites - Cloud Enumeration
GCP App Engine (Appspot) - Cloud Enumeration
GCP Buckets - Cloud Enumeration
GCP Firebase Apps - Cloud Enumeration
GCP Firebase Realtime Database - Cloud Enumeration
kubernetes
cves
2025
Ingress-Nginx Controller - Unauthenticated Remote Code Execution
deployments
CPU limits not set in Deployments
CPU Requests not set in Deployments
Default Namespace Usage in Deployments
Host ports should not be used
Image Pull Policy set to Always
Image Tag should be fixed - not latest or blank
Liveness Probe Not Configured in Deployments
Memory limits not set in Deployments
Memory requests not set in Deployments
Minimize container added capabilities
Privileged Containers Found in Deployments
Readiness Probes not set in Deployments
Minimize the admission of root containers
Set appropriate seccomp profile
Kubernetes Cluster Validation
network-policies
Check for Missing Network Policies in Kubernetes
Network policies define egress rules
Network Policies specify namespace
Define network ingress rules
pods
Containers run with allowPrivilegeEscalation enabled
Containers sharing host IPC namespace
Host Network Namespace Sharing
Host PID Namespace Sharing
Enforce Read-Only Filesystem for Containers
Pods with read-only root filesystem
Pods run with root user ID
security-compliance
Ensure audit-log-path set
Ensure that encryption providers are configured
Ensure etcd-cafile argument set
Ensure etcd cert and key set
Ensure namespaces are utilized
Checks if service-account-issuer is correctly configured
Ensure service-account-key-file set
Ensure service-account-lookup set
Ensure TLS config appropriately set
code
cves
2014
OpenSSL Heartbleed Vulnerability
2017
Jenkins CLI - Java Deserialization
2019
Sudo <= 1.8.27 - Security Bypass
2020
Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
2021
Sudo Baron Samedit - Local Privilege Escalation
2023
GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
OwnCloud - WebDAV API Authentication Bypass
Looney Tunables Linux - Local Privilege Escalation
glibc's syslog - Local Privilege Escalation
2024
Privileged Remote Access & Remote Support - Command Injection
Zabbix Server - Time-Based Blind SQL injection
XZ - Embedded Malicious Code
sqlparse - Denial of Service
GitLab - SAML Authentication Bypass
InvoiceShelf <= 1.3.0 - PHP Deserialization
Uptime-Kuma - Local File Inclusion (LFI)
2025
GitLab - SAML Authentication Bypass
privilege-escalation
linux
binary
aa-exec - Privilege Escalation
agetty - Privilege Escalation
Ash - Privilege Escalation
awk - Privilege Escalation
Bash - Privilege Escalation
Cdist - Privilege Escalation
choom - Privilege Escalation
CPUlimit - Privilege Escalation
csh - Privilege Escalation
csvtool - Privilege Escalation
Dash - Privilege Escalation
dc - Privilege Escalation
distcc - Privilege Escalation
elvish - Privilege Escalation
enscript - Privilege Escalation
env - Privilege Escalation
expect - Privilege Escalation
find - Privilege Escalation
fish - Privilege Escalation
Flock - Privilege Escalation
gawk - Privilege Escalation
grc - Privilege Escalation
ionice - Privilege Escalation
Julia - Privilege Escalation
lftp - Privilege Escalation
ltrace - Privilege Escalation
lua - Privilege Escalation
mawk - Privilege Escalation
Multitime - Privilege Escalation
MySQL - Privilege Escalation
nawk - Privilege Escalation
Nice - Privilege Escalation
Node - Privilege Escalation
Nsenter - Privilege Escalation
Perl - Privilege Escalation
pexec - Privilege Escalation
PHP - Privilege Escalation
posh - Privilege Escalation
PHP - Privilege Escalation
Rake - Privilege Escalation
RC - Privilege Escalation
rlwrap - Privilege Escalation
rpm - Privilege Escalation
rpmdb - Privilege Escalation
rpmverify - Privilege Escalation
Ruby - Privilege Escalation
run-parts - Privilege Escalation
sash - Privilege Escalation
slsh - Privilege Escalation
Socat - Privilege Escalation
softlimit - Privilege Escalation
sqlite3 - Privilege Escalation
ssh-agent - Privilege Escalation
sshpass - Privilege Escalation
stdbuf - Privilege Escalation
strace - Privilege Escalation
tar - Privilege Escalation
tcsh - Privilege Escalation
Time - Privilege Escalation
Timeout - Privilege Escalation
tmate - Privilege Escalation
Torify - Privilege Escalation
Torsocks - Privilege Escalation
Unshare - Privilege Escalation
Vi - Privilege Escalation
View - Privilege Escalation
Vim - Privilege Escalation
Xargs - Privilege Escalation
xdg-user-dir - Privilege Escalation
Yash - Privilege Escalation
Zsh - Privilege Escalation
/etc/shadow writable or readable - Privilege Escalation
/etc/sudoers writable or readable - Privilege Escalation
Sudo NOPASSWD - Privilege Escalation
/etc/passwd writable - Privilege Escalation
windows
audit
Allow Unencrypted FTP
System Allows Untrusted Certificates
Anonymous Enumeration of SAM Accounts Enabled
Anonymous SID Enumeration Enabled
Audit Logging Disabled
Audit Logs Not Archived When Full
AutoLogon Enabled
Automatic Windows Updates Disabled
AutoPlay Enabled for Removable Media
Autorun Scripts in Startup Folder
Credential Guard Not Enabled
Device Guard Not Configured
Do Not Display Last User Name Disabled
Download of Unsigned ActiveX Controls Allowed
FTP Service Running
Guest Account Enabled
Hyper-V Enhanced Session Mode Enabled
Insecure Cipher Suites Enabled
Insecure PowerShell Execution Policy - Detect
LLMNR Disabled
LM Hash Storage Enabled
LM and NTLMv1 Authentication Enabled
Maximum Password Age Set Too High or Unlimited
Minimum Password Age Set to Zero
NetBIOS Disabled
Network Discovery Disabled on Public Networks
Null Session Allowed
Password Complexity Requirements Disabled
Password History Size Too Low
Password Reset from Lock Screen Enabled
Plaintext Passwords Stored in Memory
PowerShell Script Block Logging - Disabled
Remote Desktop Connections Allowed Without Password
Remote Desktop Users Can Redirect Drives
Network Level Authentication for RDP Disabled
Check Remote Assistance Misconfiguration
Remote Desktop Listening Default Port - Detect
Remote Desktop Enabled on Non-Server OS
Restrict Anonymous Access Disabled
Store Passwords Using Reversible Encryption Enabled
Safe DLL Search Mode Disabled
Secure Boot Not Enabled
System Allows Shutdown Without Logging On
Unencrypted Passwords to SMB Servers Allowed
SMB Signing Not Required
SMB v1 Protocol Enabled
Sticky Keys Enabled at Login Screen
Check for Misconfigured Telnet Service
UAC Elevate Without Prompting Enabled
Unencrypted File Sharing Enabled
Installation of Unsigned Kernel-Mode Drivers Allowed
USB Storage Devices Not Restricted
Weak SSL/TLS Protocols Enabled
Active Desktop Enabled
Administrative Shares Enabled
Built-in Administrator Account Has Blank Password
Windows Allows Anonymous SID Enumeration
AutoRun Enabled
Credential Manager Allows Storing of Plain Text Passwords
Windows Defender Real-Time Protection Disabled
Data Execution Prevention (DEP) Not Enabled
Windows Firewall Disabled
Windows Installer Elevated Privileges Enabled
LSA Protection Not Enabled or Not Configured
Minimum Password Length Too Short
Windows Script Host Enabled
Credentials storage for Network Authentication allowed
System Restore Not Configured
User Account Control Disabled
Installation of Unsigned Drivers Allowed
Windows Update Service Disabled
WinRM Allows Unencrypted Traffic
WinRM Basic Authentication Enabled
Windows Remote Management (WinRM) Enabled
Remote Shell Access Allowed
dast
cves
2018
PHP imap - Remote Command Execution
2021
Apache Log4j2 - Remote Code Injection
2022
Spring Framework RCE via Data Binding on JDK 9+
Django - SQL injection
Text4Shell - Remote Code Execution
2024
PHP - LFR to Remote Code Execution
vulnerabilities
cmdi
Blind OS Command Injection
Python Code Injection
Ruby Kernel#open/URI.open RCE
crlf
Parameter based cookie injection
CRLF Injection
csti
Angular Client-side-template-injection
injection
CSV Injection Detection
XInclude Injection - Detection
lfi
LFI Detection - Keyed
Local File Inclusion - Linux
Local File Inclusion - Windows
redirect
Open Redirect Detection
Open Redirect Bypass
rfi
Generic Remote File Inclusion
sqli
Error based SQL Injection
Time-Based Blind SQL Injection
ssrf
Blind SSRF OAST Detection
Full Response SSRF Detection
ssti
Freemarker < 2.3.30 Sandbox Bypass - Server Side Template Injection
oob
Laravel Blade 11.27.2 - Out of Band Template Injection
Bottle - Out of Band Template Injection
Chameleon - Out of Band Template Injection
Codepen - Out of Band Template Injection
DotJS - Out of Band Template Injection
Ejs AND Underscore - Out of Band Template Injection
Erb OR Erubi OR Erubis - Out of Band Template Injection
Freemarker 2.3.33 - Out of Band Template Injection
Groovy - Out of Band Template Injection
Jinja2 - Out of Band Template Injection
Jinjava - Server Side Template Injection
Latte 3.0.20 - Out of Band Template Injection
Mako - Out of Band Template Injection
Pebble - Out of Band Template Injection
Pug.js - Out of Band Template Injection
Spring Expression Language - Out of Band Template Injection
Thymeleaf - Out of Band Template Injection
Tornado - Out of Band Template Injection
VelocityJS 2.0.6 - Out of Band Template Injection
Razor - Server Side Template Injection
Reflected SSTI Arithmetic Based
Smarty - Server Side Template Injection
Twig - Server Side Template Injection
xss
csp-bypass
Content-Security-Policy Bypass - Adnxs IB
Content-Security-Policy Bypass - Adnxs Secure
Content-Security-Policy Bypass - Adobe Campaign
Content-Security-Policy Bypass - AdRoll
Content-Security-Policy Bypass - Afterpay Help
Content-Security-Policy Bypass - Akamai Content
Content-Security-Policy Bypass - Alibaba UG
Content-Security-Policy Bypass - AliExpress ACS
Content-Security-Policy Bypass - AMap WB
Content-Security-Policy Bypass - Amazon AAX EU
Content-Security-Policy Bypass - Amazon Media
Content-Security-Policy Bypass - Amazon Romania
Content-Security-Policy Bypass - Amazon S3 Elysium
Content-Security-Policy Bypass - AncestryCDN Angular
Content-Security-Policy Bypass - AngularJS Code
Content-Security-Policy Bypass - App Link
Content-Security-Policy Bypass - Apple Developer
Content-Security-Policy Bypass - Arkose Labs CDN
Content-Security-Policy Bypass - Arkose Labs Client API
Content-Security-Policy Bypass - Ayco Portal
Content-Security-Policy Bypass - Azure Inno
Content-Security-Policy Bypass - Baidu Map API
Content-Security-Policy Bypass - Baidu Passport
Content-Security-Policy Bypass - Battle.net EU
Content-Security-Policy Bypass - Bazaarvoice API
Content-Security-Policy Bypass - BDImg Apps
Content-Security-Policy Bypass - Bebezoo 1688
Content-Security-Policy Bypass - Bild Don
Content-Security-Policy Bypass - Bing API
Content-Security-Policy Bypass - Bing
Content-Security-Policy Bypass - Blogger API
Content-Security-Policy Bypass - BuzzFeed Mango
Content-Security-Policy Bypass - ByteDance SSO
Content-Security-Policy Bypass - CarbonAds SRV
Content-Security-Policy Bypass - Chartbeat API
Content-Security-Policy Bypass - Clearbit Reveal
Content-Security-Policy Bypass - Cloudflare CDN
Content-Security-Policy Bypass - Cloudflare Challenges
Content-Security-Policy Bypass - Cloudflare Info
Content-Security-Policy Bypass - CloudFront
Content-Security-Policy Bypass - Coinbase Commerce
Content-Security-Policy Bypass - Coinbase Investor
Content-Security-Policy Bypass - Crisp Client
Content-Security-Policy Bypass - Criteo CAS
Content-Security-Policy Bypass - Criteo Dynamic
Content-Security-Policy Bypass - Criteo Gum
Content-Security-Policy Bypass - Cxense API
Content-Security-Policy Bypass - Dailymotion API
Content-Security-Policy Bypass - DBLP
Content-Security-Policy Bypass - Demdex DPM
Content-Security-Policy Bypass - DigitalOcean Anchor
Content-Security-Policy Bypass - Disqus Links
Content-Security-Policy Bypass - DoubleClick PubAds
Content-Security-Policy Bypass - DoubleClick SecurePubAds
Content-Security-Policy Bypass - DuckDuckGo API
Content-Security-Policy Bypass - Elastic Info
Content-Security-Policy Bypass - EthicalAds Server
Content-Security-Policy Bypass - Facebook API
Content-Security-Policy Bypass - Facebook Graph
Content-Security-Policy Bypass - Fastly StoreMapper
Content-Security-Policy Bypass - Firebaseio Rentokil
Content-Security-Policy Bypass - Flickr API
Content-Security-Policy Bypass - Forismatic API
Content-Security-Policy Bypass - FQTag Query
Content-Security-Policy Bypass - FQTag S
Content-Security-Policy Bypass - FWM RM
Content-Security-Policy Bypass - GetDrip API
Content-Security-Policy Bypass - GitHub API
Content-Security-Policy Bypass - GitHub Gist
Content-Security-Policy Bypass - GitLab Page
Content-Security-Policy Bypass - Go Dev
Content-Security-Policy Bypass - Google Accounts
Content-Security-Policy Bypass - Google AJAX
Content-Security-Policy Bypass - Google Analytics
Content-Security-Policy Bypass - Google APIs
Content-Security-Policy Bypass - Google Clients1
Content-Security-Policy Bypass - Google Complete
Content-Security-Policy Bypass - Google CSE
Content-Security-Policy Bypass - Google Maps API SSL
Content-Security-Policy Bypass - Google Maps APIs
Content-Security-Policy Bypass - Google Maps
Content-Security-Policy Bypass - Google Maps DE
Content-Security-Policy Bypass - Google Maps LV
Content-Security-Policy Bypass - Google Maps RU
Content-Security-Policy Bypass - Google reCAPTCHA
Content-Security-Policy Bypass - Google Tag Manager
Content-Security-Policy Bypass - Google Translate
Content-Security-Policy Bypass - Google Ad Services Partner
Content-Security-Policy Bypass - Google APIs Blogger
Content-Security-Policy Bypass - Google APIs Custom Search
Content-Security-Policy Bypass - Google APIs Storage
Content-Security-Policy Bypass - Google APIs Translate
Content-Security-Policy Bypass - Google Tag Manager
Content-Security-Policy Bypass - Gravatar Secure
Content-Security-Policy Bypass - Grubhub Assets
Content-Security-Policy Bypass - GStatic Angular
Content-Security-Policy Bypass - GStatic reCAPTCHA
Content-Security-Policy Bypass - GStatic SSL
Content-Security-Policy Bypass - Hatena APIs Bookmark
Content-Security-Policy Bypass - hCaptcha
Content-Security-Policy Bypass - hCaptcha JS
Content-Security-Policy Bypass - HERE API
Content-Security-Policy Bypass - HSForms
Content-Security-Policy Bypass - HubSpot Forms
Content-Security-Policy Bypass - IBM API
Content-Security-Policy Bypass - IEEE OAMSsoQAE
Content-Security-Policy Bypass - IM Apps Sync
Content-Security-Policy Bypass - Indeed TR
Content-Security-Policy Bypass - Indeed UK
Content-Security-Policy Bypass - IP-API EDNS
Content-Security-Policy Bypass - Ipify API
Content-Security-Policy Bypass - IPInfo
Content-Security-Policy Bypass - iTunes
Content-Security-Policy Bypass - JD API
Content-Security-Policy Bypass - jsDelivr
Content-Security-Policy Bypass - Lijit AP
Content-Security-Policy Bypass - LiveChatInc API
Content-Security-Policy Bypass - LivePerson LPTAG
Content-Security-Policy Bypass - LPSN Media
Content-Security-Policy Bypass - Mail.ru Connect
Content-Security-Policy Bypass - Marketo App
Content-Security-Policy Bypass - Mathtag Pixel
Content-Security-Policy Bypass - Matomo Demo
Content-Security-Policy Bypass - Meetup API
Content-Security-Policy Bypass - Meteoprog
Content-Security-Policy Bypass - Mi Huodong
Content-Security-Policy Bypass - Microsoft API
Content-Security-Policy Bypass - Microsoft Translator API
Content-Security-Policy Bypass - Mixpanel API
Content-Security-Policy Bypass - MoatAds Geo
Content-Security-Policy Bypass - Naver Global APIs
Content-Security-Policy Bypass - Naver Like
Content-Security-Policy Bypass - Olark API
Content-Security-Policy Bypass - OneTrust Geolocation
Content-Security-Policy Bypass - OpenAI TCR9I
Content-Security-Policy Bypass - Opendatasoft Docs
Content-Security-Policy Bypass - OpenExchangeRates
Content-Security-Policy Bypass - OpenStreetMap Nominatim
Content-Security-Policy Bypass - OVO Energy JS SMB
Content-Security-Policy Bypass - Parastorage Static
Content-Security-Policy Bypass - PayPal API
Content-Security-Policy Bypass - PBS URS
Content-Security-Policy Bypass - Pinterest API
Content-Security-Policy Bypass - Pinterest Widgets
Content-Security-Policy Bypass - PixPlug Visitor
Content-Security-Policy Bypass - QQ
Content-Security-Policy Bypass - Quantserve Pixel
Content-Security-Policy Bypass - Quantserve Secure
Content-Security-Policy Bypass - Quantserve SegAPI
Content-Security-Policy Bypass - reCAPTCHA Net
Content-Security-Policy Bypass - Reddit API
Content-Security-Policy Bypass - Ring
Content-Security-Policy Bypass - Roblox API
Content-Security-Policy Bypass - Samsung Shop
Content-Security-Policy Bypass - ServiceNow KBCProd
Content-Security-Policy Bypass - Shopify CDN
Content-Security-Policy Bypass - Shopify TheHive
Content-Security-Policy Bypass - SkimResources R
Content-Security-Policy Bypass - Skype Config
Content-Security-Policy Bypass - Snyk Go
Content-Security-Policy Bypass - SoundCloud
Content-Security-Policy Bypass - ST Angular
Content-Security-Policy Bypass - StackExchange API
Content-Security-Policy Bypass - Swiftype API
Content-Security-Policy Bypass - Syncfusion CDN
Content-Security-Policy Bypass - Taobao Suggest
Content-Security-Policy Bypass - TealiumIQ Visitor Service
Content-Security-Policy Bypass - TikTok Analytics
Content-Security-Policy Bypass - Tumblr API
Content-Security-Policy Bypass - Twitter API
Content-Security-Policy Bypass - ULogin
Content-Security-Policy Bypass - Unpkg Angular
Content-Security-Policy Bypass - Unpkg Hyperscript
Content-Security-Policy Bypass - Usersnap Widget
Content-Security-Policy Bypass - Vercel Storage
Content-Security-Policy Bypass - Vimeo
Content-Security-Policy Bypass - Virtual Earth Dev
Content-Security-Policy Bypass - VK API
Content-Security-Policy Bypass - Wikipedia API
Content-Security-Policy Bypass - Wistia Fast
Content-Security-Policy Bypass - WordPress API
Content-Security-Policy Bypass - WordPress
Content-Security-Policy Bypass - WordPress Public API
Content-Security-Policy Bypass - X API
Content-Security-Policy Bypass - Yahoo Ads Yap
Content-Security-Policy Bypass - Yahoo Search
Content-Security-Policy Bypass - Yandex MC
Content-Security-Policy Bypass - Yandex Social
Content-Security-Policy Bypass - Yandex ST
Content-Security-Policy Bypass - Yandex Translate
Content-Security-Policy Bypass - YandexCloud SmartCaptcha
Content-Security-Policy Bypass - Yastat Angular
Content-Security-Policy Bypass - Yastatic Angular
Content-Security-Policy Bypass - Youku ACS
Content-Security-Policy Bypass - YouTube API
Content-Security-Policy Bypass - YouTube SuggestQueries
Content-Security-Policy Bypass - YTImg S
Content-Security-Policy Bypass - Yuedust Angular
Content-Security-Policy Bypass - Yugiohmonstrosdeduelo Blogger
Content-Security-Policy Bypass - Zendesk Support
Content-Security-Policy Bypass - Zendesk ThisCanBeAnything
Content-Security-Policy Bypass - Zhike Help
Content-Security-Policy Bypass - Zhuanjia Sogou
Content-Security-Policy Bypass - Zoom ST3
DOM Cross Site Scripting
Reflected Cross-Site Scripting
xxe
Generic XML External Entity - (XXE)
dns
Microsoft Azure Takeover Detection
BIMI Record - Detection
CAA Record
CNAME Detect Dangling
DNS DMARC - Detect
DNS Rebinding Attack
DNS SaaS Service Detection
DNS WAF Detection
DNSSEC Detection
AWS EC2 Detection
ElasticBeanstalk Subdomain Takeover Detection
MX Record Detection
Email Service Detector
NS Record Detection
PTR Detected
DNS Servfail Host Finder
SOA Record Service - Detection
SPF Record - Detection
Spoofable SPF Records with PTR Mechanism
DNS TXT Record Detected
DNS TXT Service - Detect
Worksites.net Service Detection
file
android
ADB Backup Enabled
Android Trusts User Certificates
Android Biometric/Fingerprint - Detect
Android Improper Certificate Validation - Detect
Android Content Scheme - Detect
Android Debug Enabled
Android Deep Link - Detect
Android Dynamic Broadcast Receiver Register - Detect
Android File Scheme - Detect
Google Storage Bucket - Detection
Android Insecure Provider Path - Detect
Android WebView Add Javascript Interface - Detect
WebView JavaScript - Detect
WebView loadUrl - Detect
Android WebView Universal Access - Detect
audit
apache
Disable Apache2 Directory Listing
Disable Apache2 HTTP TRACE Method
Disable Apache2 Server Header
Disable Apache Server Signature
Enforce Apache2 ServerTokens Prod
cisco
Cisco AAA Service Configuration - Detect
Cisco Configure Service Timestamps for Debug - Detect
Cisco Configure Service Timestamps Log Messages - Detect
Cisco Disable IP Source-Route - Detect
Cisco Disable PAD - Detect
Enable and User Password with Secret
Cisco Logging Enable - Detect
Cisco Set and Secure Password - Detect
fortigate
Fortinet Auto USB Installation Enabled - Detect
Fortinet Heuristic Scanning not Configured - Detect
Fortinet Inactivity Timeout Not Implemented - Detect
Fortinet Maintainer Account Not Implemented - Detect
Fortinet Password Policy Not Set - Detect
Fortinet Remote Authentication Timeout Not Set - Detect
Fortinet Admin-SCP Disabled - Detect
HTTPS/SSH Strong Ciphers Not Enabled
iis
IIS Directory Browsing Detection
IIS Logging Disabled
mongodb
MongoDB Audit Logging Disabled
MongoDB Authentication Disabled
MongoDB HTTP Interface Enabled
MongoDB SSL Disabled
nginx
Disable Nginx Server Tokens
Missing Nginx Buffer Overflow Protection
Missing Nginx XSS Protection
Missing Nginx HSTS
Missing Nginx Rate Limiting Configuration
pfsense
DNS Server Not Implemented - Detect
PfSense Configure Sessions Timeout Not Set - Detect
Pfsense Web Admin Management Portal HTTPS Not Set - Detect
PfSense Known Default Account - Detect
PfSense Consolemenu Password Protection Not Implemented - Detect
PfSense Hostname Not Set - Detect
ssh
Change SSH Default Port
Disable SSH Empty Password
Disable SSH Root Login
Disable SSH Forwarding
Disable SSH Protocol
Enable Privilege Separation in SSH
Hide SSH Last Login Information
Set SSH Idle Timeout Interval
Limit Maximum SSH Authentication Attempts
Limit SSH Users Group Access
Limit SSH Users Access
Unrestricted SSH Access from Non-Whitelisted IPs
SSH Key-Based Authentication - Disabled
bash
Bash Scanner
electron
Electron Version - Detect
Electron Applications - Cross-Site Scripting & Remote Code Execution
js
JS Analyse
keys
Adafruit API Key
adobe
Adobe Client ID
Adobe OAuth Client Secret
age
Age Identity (X25519 secret key)
Age Recipient (X25519 public key)
Airtable API Key
Algolia API Key
alibaba
Alibaba Access Key ID
Alibaba Secret Key ID
amazon
Amazon Web Services Account ID - Detect
Amazon MWS Authentication Token - Detect
Amazon Session Token - Detect
Amazon SNS Token - Detect
Amazon Web Services Access Key ID - Detect
Amazon Web Services Cognito Pool ID - Detect
asana
Asana Client ID
Asana Client Secret
atlassian
Atlassian API Token
azure
Azure Connection String
Beamer API Token
bitbucket
BitBucket Client ID
BitBucket Client Secret
bittrex
Bittrex Access Key
Bittrex Secret Key
Branch.io Live Key - Detect
Clojars API Token
Cloudinary Basic Authorization - Detect
Code Climate Token - Detect
Codecov Access Token
Coinbase Access Token
confluent
Confluent Access Token
Confluent Secret Token
Contentful Delivery API Token
Crates.io API Key - Detect
Credentials Disclosure Check
Basic Authorization Credentials Check
Databricks API Token
Datadog Access Token
dependency
Dependency Track API Key
digitalocean
DigitalOcean Personal Access Token
DigitalOcean Personal Access Token
DigitalOcean Refresh Token
discord
Discord API Token
Discord Client Secret
Discord Client ID
docker
Docker Hub Personal Access Token
doppler
Doppler Audit Token
Doppler CLI Token
Doppler SCIM Token
Doppler Service
Doppler Service Account Token
Doppler API Token
Droneci Access Token
dropbox
Dropbox Access Token
Dropbox API Token
Dropbox Long Lived API Token
Dropbox Short Lived API Token
Duffel API Token
Dynatrace Token - Detect
easypost
Easypost Test API Token
Easypost Test API Token
Etsy Access Token
facebook
Facebook API Token
Facebook Client ID - Detect
Facebook Secret Key - Detect
Facebook Access Token
Fastly API Token
Firebase Cloud Messaging Token
Figma Personal Access Token
finicity
Finicity API Token
Finicity Client Secret
Finnhub Access Token
Firebase Database Detect
Flickr Access Token
flutter
Flutterwave Encryption Key
Flutterwave Public Key
Flutterwave Secret Key
Frameio API Token
Freshbooks Access Token
Google (GCP) Service-account
github
Github App Token
Github OAuth Access Token
GitHub Outdated RSA SSH Host key
Github Personal Token
Github Refresh Token
gitlab
GitLab Personal Access Token
GitLab Pipeline Trigger Token
GitLab Runner Registration Token
Gitter Access Token
Gocardless API Token
google
Google API key
Google Client ID
Google OAuth Client Secret (prefixed)
grafana
Grafana API Key
Grafana Cloud API Key
Grafana Service Account Token
Hashicorp API Token
Heroku API Key
huggingface
HuggingFace User Access Token
Jenkins Token or Crumb
kubernetes
kubernetes.io/dockercfg Secret
kubernetes.io/dockerconfigjson Secret
linkedin
LinkedIn Client ID
LinkedIn Secret Key
Linkedin Client ID
Mailchimp API Key
Mailgun API Key
Mapbox Token
newrelic
New Relic API Service Key
New Relic License Key
New Relic License Key (non-suffixed)
New Relic Pixie API Key
New Relic Pixie Deploy Key
NPM Access Token (fine-grained)
NuGet API Key
odbc
ODBC Connection String
okta
Okta API Token
OpenAI API Key
particle
particle.io Access Token
Paypal Braintree Access Token
Pictatic API Key
Postman API Key
Private Key Detect
PyPI Upload Token
Razorpay Client ID
react
React App Password
React App Username
RubyGems API Key
S3 Bucket Detect
salesforce
Salesforce Access Token
Sauce Access Token
Segment Public API Token
Sendgrid API Key
Shopify Custom App Access Token
Shopify Private App Access Token
Shopify Access Token (Public App)
Shopify Shared Secret
Shopify Access Token
Slack API Key
Slack Webhook
Square Access Token
Square OAuth Secret
StackHawk API Key
Stripe API Key
Telegram Bot Token
thingsboard
ThingsBoard Access Token
truenas
TrueNAS API Key (WebSocket)
Twilio API Key
twitter
Twitter Client ID
Twitter Secret Key
wireguard
WireGuard Preshared Key
WireGuard Private Key
Zapier Webhook
Zendesk Secret Key
logs
ASP.NET Framework Exceptions
Django Framework Exceptions
Node.js Framework Exceptions
Python App - SQL Exception
Ruby on Rails Framework Exceptions
Spring Framework Exceptions
SQL - Error Messages
malware
AAR Malware - Detect
Adzok Malware - Detect
Alfa Malware - Detect
AlienSpy Malware - Detect
Alina Malware - Detect
Alpha Malware - Detect
Andromeda Malware - Detect
Ap0calypse Malware - Detect
Arcom Malware - Detect
Arkei Malware - Detect
Backoff Malware - Detect
Bandook Malware - Detect
BasicRAT Malware - Detect
BlackNix Malware - Detect
Blackworm Malware - Detect
BlueBanana Malware - Detect
Bozok Malware - Detect
Bublik Malware Detector
CAP HookExKeylogger Malware - Detect
Cerber Malware - Detect
Cerberus Malware - Detect
ClientMesh Malware - Detect
Crimson Malware - Detect
CrunchRAT Malware - Detect
CryptXXX Dropper Malware - Detect
CryptXXX Malware - Detect
Cxpid Malware - Detect
Cythosia Malware - Detect
DarkRAT Malware - Detect
DDoSTf Malware - Detect
Derkziel Malware - Detect
Dexter Malware - Detect
DiamondFox Malware - Detect
DMA Locker Malware - Detect
DoublePulsar Malware - Detect
Eicar Malware - Detect
Erebus Malware - Detect
Ezcob Malware - Detect
FUDCrypt Malware - Detect
Gafgyt Malware - Detect
Gafgyt Malware - Detect
Gafgyt Malware - Detect
Gafgyt Malware - Detect
Gafgyt Malware - Detect
Gafgyt Oh Malware - Detect
Genome Malware - Detect
Glass Malware - Detect
Glasses Malware - Detect
Gozi Malware - Detect
GPGQwerty Malware - Detect
Greame Malware - Detect
Grozlex Malware - Detect
hash
Anthem DeepPanda Trojan Kakfum Malware Hash - Detect
AppleJeus Malware Hash - Detect
AVBurner Malware Hash - Detect
Backwash Malware Hash - Detect
Blackenergy-Driver Amdide Hash - Detect
BlackEnergy Driver USBMDM Malware Hash - Detect
BlackEnergy KillDisk Malware Hash - Detect
BlackEnergy BackdoorPass DropBear SSH Malware Hash - Detect
BlackEnergy VBS Agent Malware Hash - Detect
bluelight Malware Hash - Detect
Bluetermite Emdivi Malware Hash - Detect
Bluetermite Emdivi SFX Malware Hash - Detect
CharmingCypress Malware Hash - Detect
CheshireCat Malware Hash - Detect
CloudDuke Malware Hash - Detect
Codoso APT Gh0st Malware Hash - Detect
Codoso APT Malware Hash - Detect
Codoso APT PGV_PVID Malware Hash - Detect
Codoso APT PlugX Malware Hash - Detect
DISGOMOJI Malware Hash - Detect
Dubnium Malware Hash - Detect
Dubnium Sample SSHOpenSSL Hash - Detect
Emissary APT Malware Hash - Detect
EvilBamboo Malware Hash - Detect
FakeM_Generic Malware Hash - Detect
Flipflop Loader Hash - Detect
Furtim Malware Hash - Detect
GIMMICK Malware Hash - Detect
Godzilla Webshell Hash - Detect
Greenbug Malware Hash - Detect
ICO Malware Hash - Detect
Industroyer Malware Hash - Detect
Iron Panda malware DnsTunClient Hash - Detect
Iron Panda Malware Htran Hash - Detect
Iron Panda Malware Hash - Detect
Locky Ransomware Hash - Detect
MiniDionis Malware Hash - Detect
MiniDionis VBS Dropped File Hash - Detect
Backdoor Naikon APT Malware Hash - Detect
Neuron2 Loader Strings Turla APT loader Hash - Detect
OilRig Malware Campaign Gen1 Hash - Detect
PassCV Sabre Tool NTScan Malware Hash - Detect
PassCV Sabre Malware Hash - Detect
PassCV Sabre Malware Signing Cert Hash - Detect
Petya Ransomware Hash - Detect
Poseidon Group Malicious Word Document Hash - Detect
Poseidon Group Malware Hash - Detect
PowerStar Malware Hash - Detect
PurpleWave v1.0 Malware Hash - Detect
Red Leaves Malware Hash - Detect
ReGeorg Webshell Hash - Detect
Revil Ransomware Hash - Detect
ROKRAT Loader Malware Hash - Detect
Sauron Malware Hash - Detect
SeaDuke Malware Hash - Detect
Malicious SFX1 Hash - Detect
SFXRAR Acrotray Malware Hash - Detect
Sharpext Malware Hash - Detect
Sofacy Group Malware - Detect
Sofacy Fybis Linux Backdoor Hash - Detect
Sofacy Group Winexe Tool Hash - Detect
TidePool Malware Hash - Detect
Turla APT Malware - Detect
Unit 78020 Malware Hash - Detect
Upstyle Malware Hash - Detect
WildNeutron APT Sample Hash - Detect
HawkEye Malware - Detect
Hydracrypt Malware - Detect
Imminent Malware - Detect
Infinity Malware - Detect
Insta11 Malware - Detect
Intel Virtualization Malware - Detect
IotReaper Malware - Detect
Linux AESDDOS Malware - Detect
Linux BillGates Malware - Detect
Linux Elknot Malware - Detect
Linux MrBlack Malware - Detect
Linux Tsunami Malware - Detect
Locky Malware - Detect
LostDoor Malware - Detect
LuminosityLink Malware - Detect
LuxNet Malware - Detect
MacGyver.cap Installer Malware - Detect
MacGyver.cap Malware - Detect
Bella Malware - Detect
Madness DDOS Malware - Detect
Miner Malware - Detect
MiniASP3 Malware - Detect
Naikon Malware - Detect
nAspyUpdate Malware - Detect
Notepad v1.1 Malware - Detect
Olyx Malware - Detect
OSX Leverage Malware - Detect
Paradox Malware - Detect
Petya Malware (Variant 1) - Detect
Petya Malware (Variant 3) - Detect
Petya Malware (Variant Bitcoin) - Detect
Plasma Malware - Detect
PoetRat Malware - Detect
Pony Malware - Detect
Windows Pony Stealer Malware - Detect
PowerWare Malware - Detect
PubSab Malware - Detect
Punisher Malware - Detect
Fake PyPI Malware - Detect
PythoRAT Malware - Detect
QRat Malware - Detect
Satana Dropper Malware - Detect
Satana Malware - Detect
ShimRat Malware - Detect
ShimRatReporter Malware - Detect
Sigma Malware - Detect
SmallNet Malware - Detect
Snake Malware - Detect
Sub7Nation Malware - Detect
T5000 Malware - Detect
Tedroo Malware - Detect
Terminator Malware - Detect
TeslaCrypt Malware - Detect
Tox Malware - Detect
Trickbot Malware - Detect
Trickbot Malware - Detect
TrumpBot Malware - Detect
Universal 1337 Stealer Malware - Detect
Unrecom Malware - Detect
Urausy Skype Malware - Detect
Vertex Malware - Detect
VirusRat Malware - Detect
Warp Malware - Detect
WannaCry Malware - Detect
Warp Malware - Detect
xHide Malware - Detect
XOR_DDosv1 Malware - Detect
Yayih Malware - Detect
Zegost Malware - Detect
ZoxPNG Malware - Detect
Zcrypt Malware - Detect
nodejs
Admzip Path Overwrite
Express - Local File Read
Generic - Path Traversal
Path Injection Vulnerability in TAR Extraction
XSS Disable Mustache Escape
Zip Path Overwrite
perl
Perl File Scanner
php
PHP Scanner
python
Python Scanner
url-analyse
URL Extension Inspector
webshell
ASP/ASP.NET Webshell - Detect
JSP Webshell - Detect
PHP Webshell - Detect
xss
DOM Invader - Cross-Site Scripting
headless
Cookie Consent Detection
cves
2018
Swagger UI < 3.38.0 - Cross-Site Scripting
2022
WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
2024
HTTP API DOM - XSS on JSONP callback
Polyfill Supply Chain Attack Malicious Code Execution
2025
Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
Backdrop CMS - Cross-Site Scripting
Next.js Middleware Authorization Bypass
DVWA Headless Automatic Login
Extract URLs from HTML attributes
Open Redirect - Detect
Postmessage Outgoing Tracker
Postmessage Tracker
Prototype Pollution Check
Headless Http Screenshot
technologies
Common JS Libraries - Detection
SAP Spartacus detect
vulnerabilities
retool
Retool <3.82.0 Edge OAuth Authorize - DOM Based XSS
Webpack Sourcemap
window.name - DOM Cross-Site Scripting
http
cnvd
2017
Fanwei eMobile - OGNL Injection
Dahua DSS - SQL Injection
2018
Metinfo - Local File Inclusion
2019
Xiuno BBS CNVD-2019-01348
CatfishCMS - Remote Command Execution
Zhiyuan A8 - Remote Code Execution
Fanwei e-cology <=9.0 - Remote Code Execution
2020
Xxunchi CMS - Local File Inclusion
Showdoc <2.8.6 - File Uploads
Sangfor EDR - Remote Code Execution
Ruijie Smartweb - Default Password
Seeyon - Local File Inclusion
jshERP - Information Disclosure
H5S CONSOLE - Unauthorized Access
WeiPHP 5.0 - Path Traversal
2021
Ruoyi Management System - Local File Inclusion
Ruijie Networks-EWEB Network Management System - Remote Code Execution
EEA - Information Disclosure
Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
ShopXO Download File Read
EmpireCMS 7.5 - Cross-Site Scripting
Ruijie Smartweb Management System Password Information Disclosure
eYouMail - Remote Code Execution
Landray-OA - Local File Inclusion
UFIDA NC BeanShell Remote Command Execution
360 Xintianqing - SQL Injection
OA E-Cology LoginSSO.jsp - SQL Injection
AceNet AceReporter Report - Arbitrary File Download
MPSec ISG1000 Security Gateway - Arbitrary File Download
Pan Micro E-office File Uploads
Leadsec VPN - Arbitrary File Read
2022
Sunflower Simple and Personal - Remote Code Execution
ZenTao CMS - SQL Injection
Weaver OA XmlRpcServlet - Arbitrary File Read
ThinkPHP Multi Language - File Inc & Remote Code Execution (RCE)
2023
EduSoho < v22.4.7 - Local File Inclusion
Hongjing Human Resource Management System - SQL Injection
E-Cology V9 - SQL Injection
LiveGBS user/save - Logical Flaw
McVie Safety Digital Management Platform - Arbitrary File Upload
UFIDA NC uapjs - Remote Code Execution
2024
AJ-Report Open Source Data Screen - Remote Code Execution
UFIDA U8 Cloud - SQL Injection
Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection
credential-stuffing
cloud
Atechmedia/Codebase Login Check
Atlassian Login Check
useanvil.com Login Check
Chef.io Login Check
codepen.io Login Check
Datadog Login Check
Docker Hub Login Check
gitea.com Login Check
Github Login Check
Postman Login Check
pulmi.com Login Check
self-hosted
Gitlab Login Check Self Hosted
Grafana Login Check
Jira Login Check
cves
2000
Microsoft FrontPage Extensions Check (shtml.dll)
Jakarta Tomcat 3.1 and 3.0 - Exposure
2001
Cisco IOS HTTP Configuration - Authentication Bypass
2002
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
2004
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
2005
Lotus Domino R5 and R6 WebMail - Information Disclosure
Horde Groupware Unauthenticated Admin Access
SAP Web Application Server 6.x/7.0 - Open Redirect
Cofax <=2.0RC3 - Cross-Site Scripting
2006
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Squirrelmail <=1.4.6 - Local File Inclusion
2007
Jira Rainbow.Zen - Cross-Site Scripting
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Alcatel-Lucent OmniPCX - Remote Command Execution
Joomla! RSfiles <=1.0.2 - Local File Inclusion
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
phpPgAdmin <=4.1.1 - Cross-Site Scripting
2008
WordPress Sniplets 1.1.2 - Local File Inclusion
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
AppServ Open Project <=2.5.10 - Cross-Site Scripting
CMSimple 3.1 - Local File Inclusion
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Joomla! <=2.0.0 RC2 - Local File Inclusion
phpPgAdmin <=4.2.1 - Local File Inclusion
Joomla! ionFiles 4.4.2 - Local File Inclusion
Joomla! Component RWCards 3.0.11 - Local File Inclusion
Joomla! ProDesk 1.0/1.2 - Local File Inclusion
Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
nweb2fax <=0.2.7 - Local File Inclusion
Devalcms 1.4a - Cross-Site Scripting
UC Gateway Investment SiteEngine v5.0 - Open Redirect
2009
Autonomy Ultraseek - Open Redirect
ZeroShell <= 1.0beta11 Remote Code Execution
Horde/Horde Groupware - Local File Inclusion
PhpMyAdmin Scripts - Remote Code Execution
Joomla! Cmimarketplace 0.1 - Local File Inclusion
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
Joomla! MooFAQ 1.0 - Local File Inclusion
Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
Joomla! Agora 3.0.0b - Local File Inclusion
Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
KR-Web <=1.1b2 - Remote File Inclusion
Joomla! Portfolio Nexus - Remote File Inclusion
AWStats < 6.95 - Open Redirect
WebGlimpse 2.18.7 - Directory Traversal
2010
Joomla! Component com_biblestudy - Local File Inclusion
Apache Axis2 Default Login
Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component Jw_allVideos - Arbitrary File Retrieval
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Joomla! Component com_jvideodirect - Directory Traversal
Joomla! Component com_jashowcase - Directory Traversal
Joomla! Component com_jcollection - Directory Traversal
Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
Joomla! Component com_cartweberp - Local File Inclusion
Joomla! Component com_abbrev - Local File Inclusion
Joomla! Component com_rokdownloads - Local File Inclusion
Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
Joomla! Component com_janews - Local File Inclusion
Joomla! Component DW Graph - Local File Inclusion
Joomla! Component User Status - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion
Joomla! Component Picasa 2.0 - Local File Inclusion
Joomla! Component Magic Updater - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component News Portal 1.5.x - Local File Inclusion
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
Joomla! Component Highslide 1.5 - Local File Inclusion
Joomla! Component webERPcustomer - Local File Inclusion
Joomla! Component com_jresearch - 'Controller' Local File Inclusion
Joomla! Component Cookex Agency CKForms - Local File Inclusion
Joomla! Component Juke Box 1.7 - Local File Inclusion
Joomla! Component LoginBox - Local File Inclusion
Joomla! Component VJDEO 1.0 - Local File Inclusion
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
Joomla! Component JProject Manager 1.0 - Local File Inclusion
Joomla! Component Web TV 1.0 - Local File Inclusion
Joomla! Component Address Book 1.5.0 - Local File Inclusion
Joomla! Component Horoscope 1.5.0 - Local File Inclusion
Joomla! Component Advertising 0.25 - Local File Inclusion
Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
Joomla! Component Jfeedback 1.2 - Local File Inclusion
Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
Joomla! Component AWDwall 1.5.4 - Local File Inclusion
Joomla! Component Matamko 1.01 - Local File Inclusion
Joomla! Component redSHOP 1.0 - Local File Inclusion
Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
Joomla! Component TweetLA 1.0.1 - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion
Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
Joomla! Component com_blog - Directory Traversal
HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
Joomla! Component JA Comment - Local File Inclusion
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
Joomla! Component ZiMBCore 0.1 - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component Graphics 1.0.6 - Local File Inclusion
Joomla! Component SmartSite 1.0.0 - Local File Inclusion
Joomla! Component NoticeBoard 1.3 - Local File Inclusion
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
Joomla! Component Arcade Games 1.0 - Local File Inclusion
Joomla! Component Online Exam 1.5.0 - Local File Inclusion
Joomla! Component iF surfALERT 1.2 - Local File Inclusion
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
Joomla! Component Online Market 2.x - Local File Inclusion
Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
Joomla! Component SMEStorage - Local File Inclusion
ListSERV Maestro <= 9.0-8 RCE
Joomla! Component Property - Local File Inclusion
Joomla! Component OrgChart 1.0.0 - Local File Inclusion
Joomla! Component BeeHeard 1.0 - Local File Inclusion
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
Joomla! Component Fabrik 2.0 - Local File Inclusion
Joomla! Component JA Voice 2.0 - Local File Inclusion
Joomla! Component redTWITTER 1.0 - Local File Inclusion
Joomla! Percha Categories Tree 0.6 - Local File Inclusion
Joomla! Component Percha Image Attach 1.1 - Directory Traversal
Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
Joomla! Component MS Comment 0.8.0b - Local File Inclusion
Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
Joomla! Component com_bfsurvey - Local File Inclusion
Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
Joomla! Component jesectionfinder - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Music Manager - Local File Inclusion
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Camtron CMNC-200 IP Camera - Directory Traversal
Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
phpShowtime 2.0 - Directory Traversal
Joomla! Component JotLoader 2.2.1 - Local File Inclusion
Joomla! Component JRadio - Local File Inclusion
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
Joomla! Component Canteen 1.0 - Local File Inclusion
Joomla! Component JE Job 1.0 - Local File Inclusion
MODx manager - Local File Inclusion
Joomla! Component Jstore - 'Controller' Local File Inclusion
2011
Majordomo2 - SMTP/HTTP Directory Traversal
WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
Chyrp 2.x - Local File Inclusion
Chyrp 2.x - Local File Inclusion
Cisco CUCM, UCCX, and Unified IP-IVR - Directory Traversal
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
GRAND FlAGallery 1.57 - Cross-Site Scripting
WebTitan < 3.60 - Local File Inclusion
Joomla! Component com_kp - 'Controller' Local File Inclusion
Adminimize 1.7.22 - Cross-Site Scripting
WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
Skysa App Bar 1.04 - Cross-Site Scripting
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Featurific For WordPress 1.6.2 - Cross-Site Scripting
2012
Apache Struts2 S2-008 RCE
Apache Struts <2.3.1.1 - Remote Code Execution
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
phpShowtime 2.0 - Directory Traversal
OpenEMR 4.1 - Local File Inclusion
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
PHP CGI v5.3.12/5.4.2 Remote Code Execution
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
WP-FaceThumb 0.1 - Cross-Site Scripting
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
WebsitePanel before v1.2.2.1 - Open Redirect
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
MySQLDumper 1.24.4 - Directory Traversal
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
FlatnuX CMS - Directory Traversal
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Axigen Mail Server Filename Directory Traversal
Forescout CounterACT 6.3.4.1 - Open Redirect
TikiWiki CMS Groupware v8.3 - Open Redirect
WordPress Integrator 1.32 - Cross-Site Scripting
WordPress Plugin Age Verification v0.4 - Open Redirect
2013
Apache Struts2 S2-012 RCE
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Telaen => v1.3.1 - Open Redirect
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
Javafaces LFI
WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
Xibo 1.2.2/1.4.1 - Directory Traversal
WordPress Spreadsheet - Cross-Site Scripting
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
XStream <1.4.6/1.4.10 - Remote Code Execution
2014
DomPHP 0.83 - Directory Traversal
Eyou E-Mail <3.6 - Remote Code Execution
ZTE Cable Modem Web Shell
Lighttpd 1.4.34 SQL Injection and Path Traversal
Dompdf < v0.6.0 - Local File Inclusion
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
ElasticSearch v1.1.1/1.2 RCE
Seagate BlackArmor NAS - Command Injection
Drupal SQL Injection
Node.js st module Directory Traversal
Oracle Weblogic - Server-Side Request Forgery
ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
Import Legacy Media <= 0.1 - Cross-Site Scripting
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
Movies <= 0.6 - Cross-Site Scripting
Podcast Channels < 0.28 - Cross-Site Scripting
Shortcode Ninja <= 1.4 - Cross-Site Scripting
WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
WP Planet <= 0.1 - Cross-Site Scripting
WordPress Plugin Tera Charts - Local File Inclusion
Cross RSS 1.7 - Local File Inclusion
WordPress EasyCart <2.0.6 - Information Disclosure
Fonality trixbox - Local File Inclusion
Last.fm Rotation 1.0 - Path Traversal
Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
webEdition 6.3.8.0 - Directory Traversal
WordPress Plugin WP Content Source Control - Directory Traversal
ShellShock - Remote Code Execution
HTTP File Server <2.3c - Remote Command Execution
Osclass Security Advisory 3.4.1 - Local File Inclusion
Simple Online Planning Tool <1.3.2 - Local File Inclusion
Gogs (Go Git Service) - SQL Injection
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress DZS-VideoGallery Plugin Cross-Site Scripting
WordPress DB Backup <=4.5 - Local File Inclusion
Eleanor CMS - Open Redirect
Frontend Uploader <= 0.9.2 - Cross-Site Scripting
Netsweeper 4.0.8 - Cross-Site Scripting
Netsweeper 4.0.4 - Cross-Site Scripting
Netsweeper 4.0.3 - Cross-Site Scripting
Netsweeper 4.0.8 - Directory Traversal
Netsweeper 4.0.5 - Default Weak Account
Netsweeper 4.0.4 - Cross-Site Scripting
Netsweeper 3.0.6 - Open Redirection
Netsweeper - Authentication Bypass
2015
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
WordPress MyPixs <=0.3 - Local File Inclusion
ElasticSearch - Remote Code Execution
IceWarp Mail Server <11.1.1 - Directory Traversal
WordPress Slider Revolution - Local File Disclosure
Microsoft Windows 'HTTP.sys' - Remote Code Execution
Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
WP Attachment Export < 0.2.4 - Unrestricted File Download
Magento Server MAGMI - Directory Traversal
Magento Server Mass Importer - Cross-Site Scripting
Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
Ericsson Drutt MSDP - Local File Inclusion
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
DotNetNuke 07.04.00 - Administration Authentication Bypass
Navis DocumentCloud <0.1.1 - Cross-Site Scripting
Kaseya Virtual System Administrator - Open Redirect
SysAid Help Desk <15.2 - Local File Inclusion
TP-LINK - Local File Inclusion
Ruby on Rails Web Console - Remote Code Execution
Elasticsearch - Local File Inclusion
ResourceSpace - Local File Inclusion
Bonita BPM Portal <6.5.3 - Local File Inclusion
Symfony - Authentication Bypass
WordPress NewStatPress 0.9.8 - SQL Injection
NewStatPress <0.9.9 - Cross-Site Scripting
Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion
WordPress Church Admin <0.810 - Cross-Site Scripting
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
Koha 3.20.1 - Directory Traversal
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
Xsuite <=2.4.4.5 - Open Redirect
WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
Novius OS 5.0.1-elche - Open Redirect
WordPress StageShow <5.0.9 - Open Redirect
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
Swim Team <= v1.44.10777 - Local File Inclusion
ElasticSearch <1.6.1 - Local File Inclusion
Geddy <13.0.8 - Local File Inclusion
Nordex NC2 - Cross-Site Scripting
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting
D-Link DVG-N5402SP - Local File Inclusion
Joomla! Core SQL Injection
WordPress Pie-Register <2.0.19 - Cross-Site Scripting
IBM WebSphere Java Object Deserialization - Remote Code Execution
ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
Kentico CMS 8.2 - Open Redirect
SourceBans <2.0 - Cross-Site Scripting
Atlassian Confluence <5.8.17 - Information Disclosure
Joomla HTTP Header Unauthenticated - Remote Code Execution
Umbraco <7.4.0 - Server-Side Request Forgery
NewStatPress <=1.0.4 - Cross-Site Scripting
404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection
WordPress Symposium <=15.8.1 - Cross-Site Scripting
WordPress RobotCPA 5 - Directory Traversal
2016
Adobe AEM Dispatcher <4.15 - Rules Bypass
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
WordPress e-search <=1.0 - Cross-Site Scripting
WordPress e-search <=1.0 - Cross-Site Scripting
WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
WordPress heat-trackr 1.0 - Cross-Site Scripting
WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
WordPress S3 Video <=0.983 - Cross-Site Scripting
WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
WordPress Tidio-form <=1.0 - Cross-Site Scripting
WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
WordPress WHIZZ <=1.0.7 - Cross-Site Scripting
WordPress WPSOLR <=8.6 - Cross-Site Scripting
WordPress PHPMailer < 5.2.18 - Remote Code Execution
Western Digital MyCloud NAS - Command Injection
Zabbix - SQL Injection
Opsview Monitor Pro - Local File Inclusion
Opsview Monitor Pro - Open Redirect
WordPress Zedna eBook download <1.2 - Local File Inclusion
WordPress zm-gallery plugin 1.0 SQL Injection
WordPress Mail Masta 1.0 - Local File Inclusion
WordPress wSecure Lite < 2.4 - Remote Code Execution
Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
Safe Editor Plugin < 1.2 - CSS/JS-injection
ScoreMe Theme - Cross-Site Scripting
NETGEAR WNAP320 Access Point Firmware - Remote Command Injection
SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
Apache S2-032 Struts - Remote Code Execution
Apache ActiveMQ Fileserver - Arbitrary File Write
Fortinet FortiOS - Open Redirect/Cross-Site Scripting
Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
Apache mod_userdir CRLF injection
Spring Security OAuth2 Remote Command Execution
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
vBulletin <= 4.2.3 - SQL Injection
NETGEAR Routers - Remote Code Execution
ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
Sony IPELA Engine IP Camera - Hardcoded Account
SPIP <3.1.2 - Cross-Site Scripting
Aruba Airwave <8.2.3.1 - Cross-Site Scripting
Apache Tomcat - Remote Code Execution via JMX Ports
Jenkins CLI - HTTP Java Deserialization
2017
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Phoenix Framework - Open Redirect
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
Primetek Primefaces 5.x - Remote Code Execution
Oracle Content Server - Cross-Site Scripting
Oracle WebLogic Server - Remote Command Execution
Yaws 1.91 - Local File Inclusion
DataTaker DT80 dEX 1.50.012 - Information Disclosure
Subrion CMS <4.1.5.10 - SQL Injection
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
FineCMS <5.0.9 - Open Redirect
XML-RPC Server - Remote Code Execution
FineCMS <=5.0.10 - Cross-Site Scripting
XOOPS Core 2.5.8 - Open Redirect
Jboss Application Server - Remote Code Execution
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass
HPE System Management - Cross-Site Scripting
DokuWiki - Cross-Site Scripting
Apache Struts2 S2-053 - Remote Code Execution
Apache Tomcat Servers - Remote Code Execution
Apache Tomcat - Remote Code Execution
Apache Solr <= 7.1 - XML Entity Injection
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Django Debug Page - Cross-Site Scripting
OpenDreambox 2.0.0 - Remote Code Execution
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
Trixbox - 2.8.0.4 OS Command Injection
Trixbox 2.8.0 - Path Traversal
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
Node.js <8.6.0 - Directory Traversal
Dreambox WebControl 2.0.0 - Cross-Site Scripting
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
FiberHome Routers - Local File Inclusion
Apache httpd <=2.4.29 - Arbitrary File Upload
Palo Alto Network PAN-OS - Remote Code Execution
Ulterius Server < 1.9.5.0 - Directory Traversal
Nextjs <2.4.1 - Local File Inclusion
Laravel <5.5.21 - Information Disclosure
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
WordPress Mailster <=1.5.4 - Cross-Site Scripting
Embedthis GoAhead <3.6.5 - Remote Code Execution
DedeCMS 5.7 - SQL Injection
Kentico - Installer Privilege Escalation
AvantFAX 3.3.3 - Cross-Site Scripting
AdPush < 1.44 - Cross-Site Scripting
Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting
Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting
Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting
Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting
Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting
Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting
Social Buttons Pack by BestWebSoft < 1.1.1 - Cross-Site Scripting
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting
BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting
Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting
SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting
Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting
PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting
PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting
Rating by BestWebSoft < 0.2 - Cross-Site Scripting
Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting
Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting
Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
Updater by BestWebSoft < 1.35 - Cross-Site Scripting
User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting
Timesheet Plugin < 0.1.5 - Cross-Site Scripting
WordPress Qards - Cross-Site Scripting
Graphite <=1.1.5 - Server-Side Request Forgery
FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
NETGEAR Routers - Authentication Bypass
KMCIS CaseAware - Cross-Site Scripting
Apache Struts 2 - Remote Command Execution
Intel Active Management - Authentication Bypass
OpenVPN Access Server 2.1.4 - CRLF Injection
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
Kodi 17.1 - Local File Inclusion
PhpColl 2.5.1 Arbitrary File Upload
Windows Server 2003 & IIS 6.0 - Remote Code Execution
Magmi 0.7.22 - Cross-Site Scripting
MantisBT <=2.30 - Arbitrary Password Reset/Admin Access
IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
Hikvision - Authentication Bypass
Dahua Security - Configuration File Disclosure
Amcrest IP Camera Web Management - Data Exposure
Joomla! <3.7.1 - SQL Injection
Reflected XSS - Telerik Reporting Module
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
Odoo 8.0/9.0/10.0 - Local File Inclusion
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
Apache Struts2 S2-053 - Remote Code Execution
Apache Struts2 S2-052 - Remote Code Execution
DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
BOA Web Server 0.94.14 - Arbitrary File Access
PHPUnit - Remote Code Execution
2018
Cisco RV132W/RV134W Router - Information Disclosure
Cisco ASA - Local File Inclusion
Jolokia 1.3.7 - Cross-Site Scripting
Jolokia Agent - JNDI Code Injection
Cobbler - Authentication Bypass
GitList < 0.6.0 Remote Code Execution
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
Sympa version =>6.2.16 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
Jenkins - Remote Command Injection
AudioCodes 420HD - Remote Code Execution
Dolibarr <7.0.2 - Cross-Site Scripting
Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
Ncomputing vSPace Pro 10 and 11 - Directory Traversal
Zend Server <9.13 - Cross-Site Scripting
Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting
Dasan GPON Devices - Remote Code Execution
NagiosXI <= 5.4.12 `commandline.php` SQL injection
NagiosXI <= 5.4.12 - SQL injection
NagiosXI <= 5.4.12 logbook.php SQL injection
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
LG NAS Devices - Remote Code Execution
D-Link Routers - Local File Inclusion
D-Link Routers - Remote Command Injection
Prestashop AttributeWizardPro Module - Arbitrary File Upload
IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
Monstra CMS <=3.0.4 - Cross-Site Scripting
Opencart Divido - SQL Injection
Splunk <=7.0.1 - Information Disclosure
Monstra CMS 3.0.4 - Cross-Site Scripting
WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
Apache Tomcat JK Connect <=1.2.44 - Manager Access
Apache Struts2 S2-057 - Remote Code Execution
Apache Tomcat - Open Redirect
Eaton Intelligent Power Manager 1.6 - Directory Traversal
Schools Alert Management Script - Arbitrary File Read
Dell iDRAC7/8 Devices - Remote Code Injection
OEcms 3.1 - Cross-Site Scripting
Seagate NAS OS 4.3.15.1 - Server Information Disclosure
Seagate NAS OS 4.3.15.1 - Open Redirect
PhpMyAdmin <4.8.2 - Local File Inclusion
CirCarLife Scada <4.3 - System Log Exposure
SV3C HD Camera L Series - Open Redirect
Spring MVC Framework - Local File Inclusion
Spring Data Commons - Remote Code Execution
Webgrind <= 1.5 - Local File Inclusion
Zoho ManageEngine - Cross-Site Scripting
Apache Tika <1.1.8 - Header Command Injection
Fortinet FortiOS - Credentials Disclosure
Fortinet FortiOS - Cross-Site Scripting
Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
VelotiSmart Wifi - Directory Traversal
Orange Forum 1.4.0 - Open Redirect
Django - Open Redirect
Responsive filemanager 9.13.1 Server-Side Request Forgery
cgit < 1.2.1 - Directory Traversal
Loytec LGATE-902 <6.4.2 - Local File Inclusion
LOYTEC LGATE-902 6.3.2 - Local File Inclusion
Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect
LG-Ericsson iPECS NMS 30M - Local File Inclusion
D-Link Central WifiManager - Server-Side Request Forgery
Responsive FileManager <9.13.4 - Local File Inclusion
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
WordPress Gift Voucher <4.1.8 - Blind SQL Injection
LogonTracer <=1.2.0 - Remote Command Injection
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
WordPress Localize My Post 1.0 - Local File Inclusion
Nuxeo <10.3 - Remote Code Execution
CirCarLife <4.3 - Improper Authentication
CirCarLife <4.3 - Improper Authentication
CirCarLife <4.3 - Improper Authentication
NCBI ToolBox - Directory Traversal
Eventum <3.4.0 - Open Redirect
FUEL CMS 1.4.1 - Remote Code Execution
Rubedo CMS <=3.4.0 - Directory Traversal
Monstra CMS 3.0.4 - HTTP Header Injection
Western Digital MyCloud NAS - Authentication Bypass
Kibana - Local File Inclusion
Joomla! JCK Editor SQL Injection
DotCMS < 5.0.2 - Open Redirect
Comodo Unified Threat Management Web Console - Remote Code Execution
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
Kubernetes Dashboard <1.10.1 - Authentication Bypass
Centos Web Panel 0.9.8.480 - Local File Inclusion
Planon <Live Build 41 - Cross-Site Scripting
DedeCMS 5.7 SP2 - Cross-Site Scripting
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web 7 - Local File Inclusion
ACME mini_httpd <1.30 - Local File Inclusion
TIBCO JasperReports Library - Directory Traversal
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
PHP Proxy 3.0.3 - Local File Inclusion
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
Tarantella Enterprise <3.11 - Local File Inclusion
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD <=4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
WordPress JSmol2WP <=1.07 - Local File Inclusion
Tyto Sahi pro 7.x/8.x - Local File Inclusion
Roxy Fileman 1.4.5 - Unrestricted File Upload
Imcat 4.4 - Phpinfo Configuration
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
WordPress Payeezy Pay <=2.97 - Local File Inclusion
SAP Internet Graphics Server (IGS) - XML External Entity Injection
Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
Oracle WebLogic Server - Remote Code Execution
Oracle E-Business Suite - Blind SSRF
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
node-srv - Local File Inclusion
Ruby On Rails - Local File Inclusion
Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
Atlassian Jira Confluence - Cross-Site Scripting
Grav CMS <1.3.0 - Cross-Site Scripting
WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
SugarCRM 3.5.1 - Cross-Site Scripting
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
Zeit Next.js <4.2.3 - Local File Inclusion
vBulletin - Open Redirect
D-Link - Unauthenticated Remote Code Execution
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
DedeCMS 5.7 - Path Disclosure
osTicket < 1.10.2 - Cross-Site Scripting
osTicket < 1.10.2 - Cross-Site Scripting
osTicket < 1.10.2 - Cross-Site Scripting
Anchor CMS 0.12.3 - Error Log Exposure
TITool PrintMonitor - Blind SQL Injection
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
WordPress Site Editor <=1.1.1 - Local File Inclusion
AxxonSoft Axxon Next - Local File Inclusion
uWSGI PHP Plugin Local File Inclusion
Drupal - Remote Code Execution
Drupal - Remote Code Execution
YzmCMS v3.6 - Cross-Site Scripting
CouchCMS <= 2.0 - Path Disclosure
DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution
Acrolinx Server <5.2.5 - Local File Inclusion
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML Entity Injection
AppWeb - Authentication Bypass
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
Cobub Razor 0.8.0 - Information Disclosure
PrestaShop Responsive Mega Menu Module - Remote Code Execution
WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
PrismaWEB - Credentials Disclosure
Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
Etherpad Lite <1.6.4 - Admin Authentication Bypass
TBK DVR4104/DVR4216 Devices - Authentication Bypass
2019
Apache Solr - Deserialization of Untrusted Data
Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
Apache Tomcat - Cross-Site Scripting
Apache Struts <=2.5.20 - Remote Code Execution
Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
Kentico CMS Insecure Deserialization Remote Code Execution
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Babel - Open Redirect
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
Jenkins <=2.196 - Cookie Exposure
Jenkins build-metrics 1.3 - Cross-Site Scripting
WordPress Google Maps <7.11.18 - SQL Injection
BlogEngine.NET 3.3.7.0 - Local File Inclusion
mongo-express Remote Code Execution
Nimble Streamer <=3.5.4-9 - Local File Inclusion
Debug Endpoint pprof - Exposure Detection
Carel pCOWeb <B1.2.4 - Cross-Site Scripting
Pulse Connect Secure SSL VPN Arbitrary File Read
Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
Atlassian Jira Server-Side Template Injection
WordPress Yuzo <5.12.94 - Cross-Site Scripting
GrandNode 4.40 - Local File Inclusion
Deltek Maconomy 2.2.5 - Local File Inclusion
WebPort 1.19.1 - Cross-Site Scripting
Zyxel ZyWall/USG/UAG Devices - Cross-Site Scripting
Zyxel ZyWall UAG/USG - Account Creation Access
IceWarp Mail Server <=10.4.4 - Local File Inclusion
Zeroshell 3.9.0 - Remote Command Execution
LiveZilla Server 8.0.1.0 - Cross-Site Scripting
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center - Local File Inclusion
D-Link DIR-600M - Authentication Bypass
MindPalette NateMail 3.0.15 - Cross-Site Scripting
FlightPath - Local File Inclusion
Lansweeper Unauthenticated SQL Injection
WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion
Alfresco Share - Open Redirect
T24 Web Server - Local File Inclusion
Aptana Jaxer 1.0.3.4547 - Local File Inclusion
Pallets Werkzeug <0.15.5 - Local File Inclusion
WordPress UserPro 4.9.32 - Cross-Site Scripting
OpenEMR <5.0.2 - Local File Inclusion
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
osTicket < 1.12.1 - Cross-Site Scripting
Custom 404 Pro < 3.2.8 - Cross-Site Scripting
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Grafana - Improper Access Control
Webmin <= 1.920 - Unauthenticated Remote Command Execution
L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
Webmin < 1.920 - Authenticated Remote Code Execution
WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
DomainMOD <=4.13.0 - Cross-Site Scripting
Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
Socomec DIRIS A-40 Devices Password Disclosure
WordPress Download Manager <2.9.94 - Cross-Site Scripting
D-Link DNS-320 - Remote Code Execution
Harbor <=1.82.0 - Privilege Escalation
PilusCart <=1.4.1 - Local File Inclusion
nostromo 1.9.6 - Remote Code Execution
ifw8 Router ROM v4.31 - Credential Discovery
WordPress API Bearer Auth <20190907 - Cross-Site Scripting
Adobe Experience Manager - Expression Language Injection
WordPress Checklist <1.1.9 - Cross-Site Scripting
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
rConfig 3.9.2 - Remote Code Execution
vBulletin 5.0.0-5.5.4 - Remote Command Execution
D-Link Routers - Remote Code Execution
WordPress Visualizer <3.3.1 - Cross-Site Scripting
Visualizer <3.3.1 - Blind Server-Side Request Forgery
Metinfo 7.0.0 beta - SQL Injection
Metinfo 7.0.0 beta - SQL Injection
Yachtcontrol Webapplication 1.0 - Remote Command Injection
Zabbix <=4.4 - Authentication Bypass
MetInfo 7.0.0 beta - SQL Injection
Jfrog Artifactory <6.17.0 - Default Admin Password
Kirona Dynamic Resource Scheduler - Information Disclosure
D-Link DIR-868L/817LW - Information Disclosure
Jiangnan Online Judge 0.8.0 - Local File Inclusion
Apache Solr <=8.3.1 - Remote Code Execution
Popup-Maker < 1.8.12 - Broken Authentication
ThinVNC 1.0b1 - Authentication Bypass
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
Xiaomi Mi WiFi R3G Routers - Local File Inclusion
Ignite Realtime Openfire <4.42 - Local File Inclusion
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
DOMOS 5.5 - Local File Inclusion
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
Allied Telesis AT-GS950/8 - Local File Inclusion
MicroStrategy Library <11.1.3 - Cross-Site Scripting
Cisco RV110W RV130W RV215W Router - Information leakage
WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
Huawei Firewall - Local File Inclusion
Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
Citrix ADC and Gateway - Directory Traversal
TOTOLINK Realtek SD Routers - Remote Command Injection
phpMyChat-Plus 1.98 - Cross-Site Scripting
WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval
TVT NVMS 1000 - Local File Inclusion
WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
Simple Employee Records System 1.0 - Unrestricted File Upload
WordPress CTHthemes - Cross-Site Scripting
Pandora FMS 7.0NG - Remote Command Injection
InfluxDB <1.7.6 - Authentication Bypass
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
Oracle Business Intelligence - Path Traversal
Oracle Business Intelligence/XML Publisher - XML External Entity Injection
Oracle WebLogic Server - Remote Command Execution
Oracle WebLogic Server Administration Console - Remote Code Execution
Oracle Business Intelligence Publisher - XML External Entity Injection
Atlassian Confluence Server - Path Traversal
Atlassian Confluence Download Attachments - Remote Code Execution
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
Jira < 8.1.1 - Cross-Site Scripting
Jira - Incorrect Authorization
Spring Cloud Config Server - Local File Inclusion
LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
LabKey Server Community Edition <18.3.0 - Open Redirect
Barco/AWIND OEM Presentation Platform - Remote Command Injection
YouPHPTube Encoder 2.3 - Remote Command Injection
Rails File Content Disclosure
Revive Adserver 4.2 - Remote Code Execution
WordPress Sell Media 2.4.1 - Cross-Site Scripting
Drupal - Remote Code Execution
W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal
GitLab Enterprise Edition - Server-Side Request Forgery
phpMyAdmin <4.8.5 - Local File Inclusion
Pypiserver <1.2.5 - Carriage Return Line Feed Injection
Magento - SQL Injection
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
eMerge E3 1.00-06 - Local File Inclusion
Linear eMerge E3 - Cross-Site Scripting
eMerge E3 1.00-06 - Remote Code Execution
Optergy Proton/Enterprise Building Management System - Open Redirect
Genie Access WIP3BVAF IP Camera - Local File Inclusion
SonicWall SRA 4600 VPN - SQL Injection
KindEditor 4.1.11 - Cross-Site Scripting
Kibana Timelion - Arbitrary Code Execution
Adobe Experience Manager - XML External Entity Injection
qdPM 9.1 - Cross-Site Scripting
Jira - Local File Inclusion
Jira Improper Authorization
Jira <8.4.0 - Information Disclosure
Jira <8.4.0 - Server-Side Request Forgery
Totaljs <3.2.3 - Local File Inclusion
HotelDruid 2.3.0 - Cross-Site Scripting
WordPress Core 5.0.0 - Crop-image Shell Upload
Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
ZZZCMS 1.6.1 - Remote Code Execution
WordPress GraceMedia Media Player 1.0 - Local File Inclusion
ESAFENET CDG - Arbitrary File Download
Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
Homematic CCU3 - Local File Inclusion
JFrog Artifactory 6.7.3 - Admin Login Bypass
WP Google Maps < 7.10.43 - Cross-Site Scripting
GetSimple CMS 3.3.13 - Open Redirect
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
Zyxel - Cross-Site Scripting
WordPress Social Warfare <3.5.3 - Cross-Site Scripting
2020
Microsoft SQL Server Reporting Services - Remote Code Execution
SolarWinds Orion API - Auth Bypass
ManageEngine Desktop Central Java Deserialization
Sonatype Nexus Repository Manager 3 - Remote Code Execution
rConfig 3.9 - SQL Injection
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 - SQL Injection
rConfig <=3.9.4 - SQL Injection
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
WAVLINK - Access Control
GLPI <9.4.6 - Open Redirect
Grafana <= 6.7.1 - Cross-Site Scripting
phpMyAdmin 5.0.2 - CRLF Injection
MicroStrategy Web 10.4 - Information Disclosure
LimeSurvey 4.1.11 - Local File Inclusion
Grav <1.7 - Open Redirect
WordPress Chop Slider 3 - Blind SQL Injection
SuperWebmailer 7.21.0.01526 - Remote Code Execution
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
Kong Admin <=2.03 - Admin API Access
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus UCMDB - Remote Code Execution
WordPress GTranslate <2.8.52 - Cross-Site Scripting
Apache Airflow <=1.10.10 - Remote Code Execution
Apache Cocoon 2.1.12 - XML Injection
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
Zoho ManageEngine OpManager - Arbitrary File Read
WAVLINK WN530H4 live_api.cgi - Command Injection
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 - Cross-Site Scripting
Onkyo TX-NR585 Web Interface - Directory Traversal
TeamPass 2.1.27.36 - Improper Authentication
vBulletin SQL Injection
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
Wavlink Multiple AP - Remote Command Injection
Submitty <= 20.04.01 - Open Redirect
Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
Netsweeper <=6.4.3 - Python Code Injection
Contentful <=2020-05-21 - Cross-Site Scripting
Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
Microweber <1.1.20 - Information Disclosure
Bitrix24 <=20.0.0 - Cross-Site Scripting
rConfig 3.9 - Authentication Bypass (Admin Login)
WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Artica Pandora FMS 7.44 - Remote Code Execution
Airflow Experimental <1.10.11 - REST API Auth Bypass
Apache Kylin - Exposed Configuration File
Apache Unomi <1.5.2 - Remote Code Execution
Apache APISIX - Insufficiently Protected Credentials
WordPress PayPal Pro <1.1.65 - SQL Injection
Gitea 1.1.0 - 1.12.5 - Remote Code Execution
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Jira Server and Data Center - Information Disclosure
Agentejo Cockpit 0.10.2 - Cross-Site Scripting
NeDi 1.9C - Cross-Site Scripting
Oracle WebLogic Server - Remote Command Execution
Oracle Fusion - Directory Traversal/Local File Inclusion
Oracle Weblogic Server - Remote Command Execution
Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
Suprema BioStar <2.8.2 - Local File Inclusion
Traefik - Open Redirect
Yii 2 < 2.0.38 - Remote Code Execution
Nette Framework - Remote Code Execution
TileServer GL <=3.0.0 - Cross-Site Scripting
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
TerraMaster TOS <.1.29 - Remote Code Execution
Gogs 0.5.5 - 0.12.2 - Remote Code Execution
D-Link DIR-816L 2.x - Cross-Site Scripting
Tiki Wiki CMS GroupWare - Authentication Bypass
Mida eFramework <=2.9.0 - Remote Command Execution
Cisco Unified IP Conference Station 7937G - Denial-of-Service
SaltStack <=3002 - Shell Injection
Microsoft SharePoint - Remote Code Execution
Nova Lite < 1.3.9 - Cross-Site Scripting
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution
Fuel CMS 1.4.7 - SQL Injection
vBulletin 5.5.4 - 5.6.2 - Remote Command Execution
Artica Web Proxy 4.30 - OS Command Injection
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
Apache Flink 1.5.1 - Local File Inclusion
Apache Flink - Local File Inclusion
Apache Airflow <1.10.14 - Authentication Bypass
Apache Struts 2.0.0-2.5.25 - Remote Code Execution
Z-Blog <=1.5.2 - Open Redirect
Jeesns 1.4.2 - Cross-Site Scripting
Jeesns 1.4.2 - Cross-Site Scripting
Jeesns 1.4.2 - Cross-Site Scripting
FHEM 6.0 - Local File Inclusion
Apache OFBiz <=16.11.07 - Cross-Site Scripting
qdPM 9.1 - Cross-site Scripting
Apache Kylin 3.0.1 - Command Injection Vulnerability
Gridx 1.3 - Remote Code Execution
ZZcms - Cross-Site Scripting
WeiPHP 5.0 - SQL Injection
Palo Alto Networks PAN-OS Web Interface - Cross-Site Scripting
Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
shadoweb wdja v1.5.1 - Cross-Site Scripting
DomainMOD 4.13.0 - Cross-Site Scripting
Jenkins <=2.218 - Information Disclosure
Inspur ClusterEngine 4.0 - Remote Code Execution
Jenkins Audit Trail <=3.2 - Cross-Site Scripting
74cms - ajax_street.php 'x' SQL Injection
74cms - ajax_common.php SQL Injection
74cms - ajax_officebuilding.php SQL Injection
74cms - ajax_street.php 'key' SQL Injection
b2evolution CMS <6.11.6 - Open Redirect
OPNsense <=20.1.5 - Open Redirect
Aryanic HighMail (High CMS) - Cross-Site Scripting
Kyocera Printer d-COPIA253MF - Directory Traversal
Monstra CMS 3.0.4 - Cross-Site Scripting
Joomla! Component GMapFP 3.5 - Arbitrary File Upload
Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery
WordPress wpDiscuz <=7.0.4 - Remote Code Execution
Mara CMS 7.5 - Cross-Site Scripting
WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
Mongo-Express - Remote Code Execution
EpiServer Find <13.2.7 - Open Redirect
NexusDB <4.50.23 - Local File Inclusion
D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
OX Appsuite - Cross-Site Scripting
OsTicket < 1.14.3 - Server Side Request Forgery
Quixplorer <=2.4.1 - Cross-Site Scripting
Cute Editor for ASP.NET 6.4 - Cross-Site Scripting
QCube Cross-Site Scripting
PHP-Fusion 9.03.50 - Remote Code Execution
D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
WordPress File Manager Plugin - Remote Code Execution
Sophos UTM Preauth - Remote Code Execution
Xinuo Openserver 5/6 - Cross-Site Scripting
D-Link DNS-320 - Unauthenticated Remote Code Execution
Oracle WebLogic Server - Remote Code Execution
ThinkAdmin 6 - Local File Inclusion
Commvault CommCell - Local File Inclusion
HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
Cisco SD-WAN vManage Software - Local File Inclusion
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
Alerta < 8.1.0 - Authentication Bypass
XStream <1.4.14 - Remote Code Execution
PrestaShop Product Comments <4.2.0 - SQL Injection
XStream <1.4.15 - Server-Side Request Forgery
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
WordPress WP Courses Plugin Information Disclosure
NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
Emby Server Server-Side Request Forgery
LionWiki <3.2.12 - Local File Inclusion
JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
Processwire CMS <2.7.1 - Local File Inclusion
Good Layers LMS Plugin <= 2.1.4 - SQL Injection
Wing FTP 6.4.4 - Cross-Site Scripting
KeyCloak - Information Exposure
NETGEAR - Authentication Bypass
IceWarp WebMail 11.4.5.0 - Cross-Site Scripting
SonarQube - Authentication Bypass
TerraMaster TOS < 4.2.06 - User Enumeration
TerraMaster TOS - Unauthenticated Remote Command Execution
Rocket.Chat <3.9.1 - Information Disclosure
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
geojson2kml - Command Injection
Monitorr 1.7.6m - Unauthenticated Remote Code Execution
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
PacsOne Server <7.1.1 - Cross-Site Scripting
Car Rental Management System 1.0 - Local File Inclusion
Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
ZyXel USG - Hardcoded Credentials
IncomCMS 2.0 - Arbitrary File Upload
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
SMTP WP Plugin Directory Listing
Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
OpenTSDB <=2.4.0 - Remote Code Execution
SearchBlox <9.2.2 - Local File Inclusion
Advanced Comment System 1.0 - Local File Inclusion
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
Klog Server <=2.41 - Unauthenticated Command Injection
GateOne 1.1 - Local File Inclusion
WordPress Simple Job Board <2.9.4 - Local File Inclusion
twitter-server Cross-Site Scripting
Cisco ASA/FTD Software - Cross-Site Scripting
Agentejo Cockpit < 0.11.2 - NoSQL Injection
Agentejo Cockpit <0.11.2 - NoSQL Injection
Agentejo Cockpit <0.12.0 - NoSQL Injection
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
Rukovoditel <= 2.7.2 - Cross Site Scripting
Rukovoditel <= 2.7.2 - Cross Site Scripting
Rukovoditel <= 2.7.2 - Cross Site Scripting
Rukovoditel <= 2.7.2 - Cross-Site Scripting
CSE Bookstore 1.0 - SQL Injection
Jira Server and Data Center - Information Disclosure
Smartstore <4.1.0 - Open Redirect
WordPress 15Zine <3.3.0 - Cross-Site Scripting
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
PHPGurukul Hospital Management System - Cross-Site Scripting
Hospital Management System 4.0 - SQL Injection
Next.js <9.3.2 - Local File Inclusion
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
Spring Cloud Config - Local File Inclusion
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Netflix - Server-Side Request Forgery
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
MAGMI - Cross-Site Request Forgery
Magento Mass Importer <0.7.24 - Remote Auth Bypass
UnRaid <=6.80 - Remote Code Execution
F5 BIG-IP TMUI - Remote Code Execution
CLink Office 2.0 - Cross-Site Scripting
SAP Solution Manager 7.2 - Remote Command Execution
SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
OpenSIS 7.3 - SQL Injection
Eclipse Mojarra - Local File Read
WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
LinuxKI Toolset <= 6.01 - Remote Command Execution
McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
Puppet Server/PuppetDB - Sensitive Information Disclosure
Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Revive Adserver <=5.0.3 - Cross-Site Scripting
Ruby on Rails <5.0.1 - Remote Code Execution
Citrix ADC/Gateway - Cross-Site Scripting
Citrix - Local File Inclusion
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
Citrix XenMobile Server - Local File Inclusion
Artica Pandora FMS <=7.42 - Arbitrary File Read
IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
DrayTek - Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
Lotus Core CMS 1.0.1 - Local File Inclusion
playSMS <1.4.3 - Remote Code Execution
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
WordPress Time Capsule < 1.21.16 - Authentication Bypass
WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
Cacti v1.2.8 - Remote Code Execution
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
Jeedom <=4.0.38 - Cross-Site Scripting
WordPress wpCentral <1.5.1 - Information Disclosure
exacqVision Web Service - Remote Code Execution
Zyxel NAS Firmware 5.21 - Remote Code Execution
Oracle iPlanet Web Server 7.0.x - Authentication Bypass
Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
D-Link DIR-610 Devices - Information Disclosure
Django SQL Injection
rConfig <3.9.4 - Sensitive Information Disclosure
SkyWalking SQLI
Apache Tomcat Remote Command Execution
Apache OFBiz 17.12.03 - Cross-Site Scripting
Craft CMS < 3.3.0 - Server-Side Template Injection
2021
Cisco Small Business RV Series - OS Command Injection
Cisco HyperFlex HX Data Platform - Remote Command Execution
Cisco HyperFlex HX Data Platform - Remote Command Execution
Cisco HyperFlex HX Data Platform - Arbitrary File Upload
SonicWall SonicOS 7.0 - Open Redirect
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 - Configuration File Injection
Buffalo WSR-2533DHPL2 - Improper Access Control
TCExam <= 14.8.1 - Sensitive Information Exposure
Draytek VigorConnect 1.6.0-B - Local File Inclusion
Draytek VigorConnect 6.0-B3 - Local File Inclusion
Gryphon Tower - Cross-Site Scripting
Trendnet AC2600 TEW-827DRU - Credentials Disclosure
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
MovableType - Remote Command Injection
Adobe ColdFusion - Cross-Site Scripting
Spring Boot Actuator Logview Directory Traversal
MinIO Browser API - Server-Side Request Forgery
Lucee Admin - Remote Code Execution
Adminer <4.7.9 - Server-Side Request Forgery
Node.JS System Information Library <5.3.1 - Remote Command Injection
XStream <1.4.16 - Remote Code Execution
XStream <1.4.16 - Remote Code Execution
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
Jellyfin <10.7.0 - Local File Inclusion
SCIMono <0.0.19 - Remote Code Execution
ZTE MF971R - Referer authentication bypass
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Advantech R-SeeNet - Cross-Site Scripting
Advantech R-SeeNet - Cross-Site Scripting
Advantech R-SeeNet - Cross-Site Scripting
Advantech R-SeeNet 2.4.12 - OS Command Injection
D-Link DIR-3040 1.13B03 - Information Disclosure
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
VMware vSphere Client (HTML5) - Remote Code Execution
VMware vSphere - Server-Side Request Forgery
vRealize Operations Manager API - Server-Side Request Forgery
VMware View Planner <4.6 SP1 - Remote Code Execution
VMware vSphere Client (HTML5) - Remote Code Execution
VMware vCenter Server - Arbitrary File Upload
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
VMWare Workspace ONE UEM - Server-Side Request Forgery
FortiWeb - Cross Site Scripting
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
GitLab CE/EE - Remote Code Execution
Gitlab CE/EE 10.5 - Server-Side Request Forgery
Micro Focus Operations Bridge Reporter - Remote Code Execution
EVlink City < R8 V3.4.0.1 - Authentication Bypass
Revive Adserver <5.1.0 - Open Redirect
Rocket.Chat <=3.13 - NoSQL Injection
F5 iControl REST - Remote Command Execution
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload
WordPress Ninja Forms <3.4.34 - Open Redirect
WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
WordPress PhastPress <1.111 - Open Redirect
WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting
Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
AccessAlly <3.5.7 - Sensitive Information Leakage
Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
WordPress Imagements <=1.2.5 - Arbitrary File Upload
WordPress Realteo <=1.2.3 - Cross-Site Scripting
WordPress Pie Register <3.7.0.1 - Cross-Site Scripting
WordPress Stop Spammers <2021.9 - Cross-Site Scripting
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
Popup by Supsystic <1.10.5 - Cross-Site Scripting
WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload
WordPress Car Seller - Auto Classifieds Script - SQL Injection
WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
WordPress AcyMailing <7.5.0 - Open Redirect
WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
WordPress WooCommerce <1.13.22 - Cross-Site Scripting
WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
WordPress Statistics <13.0.8 - Blind SQL Injection
WordPress JNews Theme <8.0.6 - Cross-Site Scripting
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
WordPress FoodBakery <2.2 - Cross-Site Scripting
WordPress wpForo Forum < 1.9.7 - Open Redirect
WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
Prismatic < 2.8 - Cross-Site Scripting
WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
Wordpress Polls Widget < 1.5.3 - SQL Injection
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery
WordPress Post Grid <2.1.8 - Cross-Site Scripting
Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
WordPress Workreap - Remote Code Execution
WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
G Auto-Hyperlink <= 1.0.1 - SQL Injection
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
Pie Register < 3.7.1.6 - SQL Injection
WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
WordPress Visitor Statistics (Real Time Traffic) <4.8 - SQL Injection
WordPress Perfect Survey <1.5.2 - SQL Injection
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection
WordPress Asgaros Forum <1.15.13 - SQL Injection
WordPress AnyComment <0.3.5 - Open Redirect
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
Contest Gallery < 13.1.0.6 - SQL injection
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WordPress Domain Check <1.0.17 - Cross-Site Scripting
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
Registrations for the Events Calendar < 2.7.6 - SQL Injection
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
Blog2Social < 6.8.7 - Cross-Site Scripting
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
Paid Memberships Pro < 2.6.6 - Cross-Site Scripting
WordPress Super Socializer <7.13.30 - Cross-Site Scripting
WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
WordPress Guppy <=1.1 - Information Disclosure
WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution
The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
Chaty < 2.8.2 - Cross-Site Scripting
WordPress Event Tickets < 5.2.2 - Open Redirect
Noptin < 1.6.5 - Open Redirect
WordPress Button Generator <2.3.3 - Remote File Inclusion
WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting
WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
Affiliates Manager < 2.9.0 - Cross Site Scripting
Contact Form Entries < 1.2.4 - Cross-Site Scripting
WOOF WordPress plugin - Cross-Site Scripting
Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution
WordPress GiveWP <2.17.3 - Cross-Site Scripting
WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
WordPress English Admin <1.5.2 - Open Redirect
WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
Yoast SEO 16.7-17.2 - Information Disclosure
Easy Social Feed < 6.2.7 - Cross-Site Scripting
SaltStack Salt <3002.5 - Auth Bypass
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.7.5 - Cross-Site Scripting
Apache Druid - Remote Code Execution
Hue Magic 3.0.0 - Local File Inclusion
Void Aural Rec Monitor 9.0.0.1 - SQL Injection
Confluence Server - Remote Code Execution
Atlassian Confluence Server - Local File Inclusion
Atlassian Jira Limited - Local File Inclusion
Cacti - Cross-Site Scripting
AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
Apache OFBiz <17.12.06 - Arbitrary Code Execution
EPrints 3.4.2 - Cross-Site Scripting
ImpressCMS <1.4.3 - Incorrect Authorization
EPrints 3.4.2 - Cross-Site Scripting
Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting
Microsoft Exchange Server SSRF Vulnerability
Doctor Appointment System 1.0 - SQL Injection
Sercomm VD625 Smart Modems - CRLF Injection
Clansphere CMS 2011.4 - Cross-Site Scripting
Clansphere CMS 2011.4 - Cross-Site Scripting
Doctor Appointment System 1.0 - SQL Injection
Doctor Appointment System 1.0 - SQL Injection
Doctor Appointment System 1.0 - SQL Injection
Doctor Appointment System 1.0 - SQL Injection
Doctor Appointment System 1.0 - SQL Injection
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
Grafana Unauthenticated Snapshot Creation
FUDForum 3.1.0 - Cross-Site Scripting
FUDForum 3.1.0 - Cross-Site Scripting
YeaLink DM 3.6.0.20 - Remote Command Injection
Pega Infinity - Authentication Bypass
Appspace 6.2.4 - Server-Side Request Forgery
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
Apache Tapestry - Remote Code Execution
Apache Solr <=8.8.1 - Server-Side Request Forgery
Mautic <3.3.4 - Cross-Site Scripting
LumisXP <10.0.0 - Blind XML External Entity Attack
Ntopng Authentication Bypass
Hongdian H8922 3.0.5 Devices - Local File Inclusion
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 - Remote Command Injection
Eclipse Jetty - Information Disclosure
Eclipse Jetty ConcatServlet - Information Disclosure
Joomla! ChronoForums 2.0.11 - Local File Inclusion
VICIdial Sensitive Information Disclosure
Netmask NPM Package - Server-Side Request Forgery
Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
rConfig 3.9.6 - Local File Inclusion
LDAP Injection In OpenAM
Apache OFBiz < 17.12.07 - Arbitrary Code Execution
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
Nacos <1.4.1 - Authentication Bypass
Nacos <1.4.1 - Authentication Bypass
Ghost CMS <=4.32 - Cross-Site Scripting
Jellyfin 10.7.2 - Server Side Request Forgery
XStream <1.4.17 - Remote Code Execution
Prometheus - Open Redirect
Adminer <=4.8.0 - Cross-Site Scripting
Seo Panel 4.8.0 - Cross-Site Scripting
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
Apache OFBiz <17.12.07 - Arbitrary Code Execution
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
Sidekiq <=6.2.0 - Cross-Site Scripting
Intelbras WIN 300/WRN 342 - Credentials Disclosure
ZEROF Web Server 1.0 - SQL Injection
ffay lanproxy Directory Traversal
Knowage Suite 7.3 - Cross-Site Scripting
VoipMonitor <24.61 - Remote Code Execution
Ivanti Avalanche 6.3.2 - Local File Inclusion
PrestaShop 1.7.7.0 - SQL Injection
Microsoft Exchange Server - Cross-Site Scripting
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
CHIYU TCP/IP Converter - Cross-Site Scripting
Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
CentOS Web Panel - SQL Injection
CentOS Web Panel - OS Command Injection
SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
Akkadian Provisioning Manager - Information Disclosure
BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
WebCTRL OEM <= 6.5 - Cross-Site Scripting
Tenda Router AC11 - Remote Command Injection
Apache Struts2 S2-062 - Remote Code Execution
Layer5 Meshery 0.5.2 - SQL Injection
SysAid 20.4.74 - Cross-Site Scripting
ASUS GT-AC2900 - Authentication Bypass
Maian Cart <=3.8 - Remote Code Execution
Node RED Dashboard <2.26.2 - Local File Inclusion
Websvn <2.6.1 - Remote Code Execution
Python Flask-Security - Open Redirect
elFinder 2.1.58 - Remote Code Execution
WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
Nodejs Squirrelly - Remote Code Execution
Express-handlebars - Local File Inclusion
Erxes <0.23.0 - Cross-Site Scripting
emlog 5.3.1 Path Disclosure
Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
Dahua IPC/VTH/VTO - Authentication Bypass
CommScope Ruckus IoT Controller - Information Disclosure
RaspAP <=2.6.5 - Remote Command Injection
Geutebruck - Remote Command Injection
Ruby Dragonfly <1.4.0 - Remote Code Execution
SAP NetWeaver Development Infrastructure - Server Side Request Forgery
Rstudio Shiny Server <1.5.16 - Local File Inclusion
npm ansi_up v4 - Cross-Site Scripting
FortiLogger 4.4.2.2 - Arbitrary File Upload
Cartadis Gespage 8.2.1 - Directory Traversal
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
Accela Civic Platform <=21.1 - Cross-Site Scripting
Accela Civic Platform <=21.1 - Cross-Site Scripting
Eclipse Jetty - Information Disclosure
Exchange Server - Remote Code Execution
WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
GTranslate < 2.8.65 - Cross-Site Scripting
WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
FAUST iServer 9.0.018.018.4 - Local File Inclusion
SolarWinds Serv-U 15.3 - Directory Traversal
MaxSite CMS > V106 - Cross-Site Scripting
Bludit 3.13.1 - Cross Site Scripting
Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
TermTalk Server 3.24.0.2 - Local File Inclusion
RealTek Jungle SDK - Arbitrary Command Injection
ForgeRock OpenAM <7.0 - Remote Code Execution
Thruk 2.40-2 - Cross-Site Scripting
Oracle Access Manager - Remote Code Execution
Motorola Baby Monitors - Remote Command Execution
Hikvision IP camera/NVR - Remote Command Execution
Kramer VIAware - Remote Code Execution
Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Nova noVNC - Open Redirect
IceWarp Mail Server - Open Redirect
PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
Apache Druid - Local File Inclusion
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
QSAN Storage Manager <3.3.3 - Cross-Site Scripting
Jeecg Boot <= 2.4.5 - Information Disclosure
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
PrestaShop SmartBlog <4.0.6 - SQL Injection
Tiny Java Web Server - Cross-Site Scripting
Apache ShenYu Admin JWT - Authentication Bypass
Virtua Software Cobranca <12R - Blind SQL Injection
phpfastcache - phpinfo Resource Exposure
Hotel Druid 3.0.2 - Cross-Site Scripting
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Nagios XI < 5.8.6 - Cross-Site Scripting
WordPress Redux Framework <=4.2.11 - Information Disclosure
Apache Airflow - Unauthenticated Variable Import
Microsoft Open Management Infrastructure - Remote Code Execution
Cyberoam NetGenie Cross-Site Scripting
ClinicCases 7.3.3 Cross-Site Scripting
ExponentCMS <= 2.6 - Host Header Injection
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 - Arbitrary Code Execution
XStream <1.4.18 - Server-Side Request Forgery
Cachet <=2.3.18 - SQL Injection
GLPI 9.2/<9.5.6 - Information Disclosure
Grafana Snapshot - Authentication Bypass
WordPress True Ranker <2.2.4 - Local File Inclusion
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
WordPress Under Construction <1.19 - Cross-Site Scripting
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
WordPress BulletProof Security 5.1 Information Disclosure
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
BIQS IT Biqs-drive v1.83 Local File Inclusion
EyouCMS 1.5.4 Open Redirect
Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
IRTS OP5 Monitor - Cross-Site Scripting
Cobbler <3.3.0 - Remote Code Execution
Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
Opensis-Classic 8.0 - Cross-Site Scripting
OS4Ed OpenSIS Community 8.0 - Local File Inclusion
IND780 - Local File Inclusion
Geoserver - Server-Side Request Forgery
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
Cloudron 6.2 Cross-Site Scripting
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
Gurock TestRail Application files.md5 Exposure
Galera WebTemplate 1.0 Directory Traversal
Spotweb <= 1.5.1 - Cross Site Scripting
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
Spotweb <= 1.5.1 - Cross Site Scripting
Spotweb <= 1.5.1 - Cross Site Scripting
Spotweb <= 1.5.1 - Cross Site Scripting
Spotweb <= 1.5.1 - Cross Site Scripting
MKdocs 1.2.2 - Directory Traversal
Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
Redash Setup Configuration - Default Secrets Disclosure
MinIO Operator Console Authentication Bypass
Metabase - Local File Inclusion
pfSense - Arbitrary File Write
ECOA Building Automation System - Directory Traversal Content Disclosure
ECOA Building Automation System - Arbitrary File Retrieval
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Payara Micro Community 5.2021.6 Directory Traversal
FlatPress 1.2.1 - Stored Cross-Site Scripting
ECShop 4.1.0 - SQL Injection
JustWriting - Cross-Site Scripting
SAS/Internet 9.4 1520 - Local File Inclusion
PuneethReddyHC action.php SQL Injection
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
TP-Link - OS Command Injection
openSIS Student Information System 8.0 SQL Injection
CraftCMS SEOmatic - Server-Side Template Injection
Apache 2.4.49 - Path Traversal and Remote Code Execution
PlaceOS 1.2109.1 - Open Redirection
i-Panel Administration System 2.0 - Cross-Site Scripting
GitLab GraphQL API User Enumeration
Resourcespace - Cross-Site Scripting
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
KONGA 0.14.9 - Privilege Escalation
Sitecore Experience Platform Pre-Auth RCE
BillQuick Web Suite SQL Injection
NetBiblio WebOPAC - Cross-Site Scripting
myfactory FMS - Cross-Site Scripting
myfactory FMS - Cross-Site Scripting
Apereo CAS Cross-Site Scripting
D-Link DIR-615 - Unauthorized Access
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Online Event Booking and Reservation System 2.3.0 - SQL Injection
TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass
Fortinet FortiMail 7.0.1 - Cross-Site Scripting
Pre-Auth Takeover of Build Pipelines in GoCD
Studio-42 elFinder <2.1.60 - Arbitrary File Upload
AlquistManager Local File Inclusion
Clustering Local File Inclusion
Sourcecodester Simple Client Management System 1.0 - SQL Injection
Atmail 6.5.0 - Cross-Site Scripting
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
kkFileview v4.0.0 - Local File Inclusion
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability
Grafana v8.x - Arbitrary File Read
Admidio - Cross-Site Scripting
Gradio < 2.5.0 - Arbitrary File Read
Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
Alibaba Sentinel - Server-side request forgery (SSRF)
Reprise License Manager 14.2 - Authentication Bypass
Apache Log4j2 Remote Code Injection
WAVLINK AC1200 - Information Disclosure
3DPrint Lite < 1.9.1.5 - Arbitrary File Upload
Rosario Student Information System Unauthenticated SQL Injection
Apache Superset <=1.3.2 - Default Login
Zoho ManageEngine Desktop Central - Remote Code Execution
Open Redirect in Host Authorization Middleware
Ivanti EPM Cloud Services Appliance Code Injection
Thinfinity VirtualUI User Enumeration
SpringBlade - Information Leakage
HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
Apache Log4j2 - Remote Code Injection
Thinfinity Iframe Injection
Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
AppCMS - Cross-Site Scripting
D-Link - Remote Command Execution
Reprise License Manager 14.2 - Cross-Site Scripting
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload
Slims9 Bulian 9.4.2 - SQL Injection
osTicket 1.15.x - SQL Injection
Pascom CPS Server-Side Request Forgery
Pascom CPS - Local File Inclusion
Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting
Vehicle Service Management System - Stored Cross-Site Scripting
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 - Cross-Site Scripting
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 - Cross Site Scripting
Ligeo Archives Ligeo Basics - Server Side Request Forgery
D-Link DIR850 ET850-1.08TRb03 - Open Redirect
D-Link DAP-1620 - Local File Inclusion
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion
Telesquare TLR-2855KS6 - Arbitrary File Creation
Telesquare TLR-2855KS6 - Arbitrary File Deletion
SDT-CW3B1 1.1.0 - OS Command Injection
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete
GenieACS => 1.2.8 - OS Command Injection
2022
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
WordPress Visual Form Builder <3.0.8 - Information Disclosure
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting
WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
Photo Gallery by 10Web < 1.6.0 - SQL Injection
WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
WordPress NewStatPress <1.3.6 - Cross-Site Scripting
WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting
Popup Builder < 4.0.7 - SQL Injection
WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting
Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting
LearnPress <4.1.6 - Cross-Site Scripting
Microweber Information Disclosure
WordPress Ad Inserter <2.7.10 - Cross-Site Scripting
Zyxel - Authentication Bypass
WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
WordPress NotificationX <2.3.9 - SQL Injection
Microweber Cross-Site Scripting
WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
Gogs <0.12.6 - Remote Command Execution
WordPress White Label CMS <2.2.9 - Cross-Site Scripting
Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
Mastodon Prototype Pollution Vulnerability
WordPress Page Views Count <2.4.15 - SQL Injection
karma-runner DOM-based Cross-Site Scripting
MasterStudy LMS <2.7.6 - Improper Access Control
Popup Builder Plugin - SQL Injection and Cross-Site Scripting
Easy!Appointments <1.4.3 - Broken Access Control
Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
WordPress E2Pdf <1.16.45 - Cross-Site Scripting
Atlassian Jira Seraph - Authentication Bypass
Formcraft3 <3.8.28 - Server-Side Request Forgery
WordPress Shareaholic <9.7.6 - Information Disclosure
WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting
Microweber < 1.2.11 - Open Redirection
WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting
WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
WordPress Profile Builder Plugin Cross-Site Scripting
uDraw <3.3.3 - Local File Inclusion
CommonsBooking < 2.6.8 - SQL Injection
Microweber <1.2.11 - Information Disclosure
Microweber < 1.2.11 - CRLF Injection
Microweber <1.2.11 - Cross-Site Scripting
WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion
Rudloff alltube prior to 3.0.1 - Open Redirect
WordPress Master Elements <=8.0 - SQL Injection
GitLab CE/EE - Information Disclosure
Infographic Maker iList < 4.3.8 - SQL Injection
WordPress Simple Link Directory <7.7.2 - SQL injection
Users Ultra <= 3.1.0 - SQL Injection
Documentor <= 1.5.3 - Unauthenticated SQL Injection
RevealJS postMessage <4.3.0 - Cross-Site Scripting
WordPress Nirweb Support <2.8.2 - SQL Injection
WordPress Title Experiments Free <9.0.1 - SQL Injection
WordPress Daily Prayer Time <2022.03.01 - SQL Injection
WordPress KiviCare <2.3.9 - SQL Injection
Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection
Ubigeo de Peru < 3.6.4 - SQL Injection
WordPress BadgeOS <=3.7.0 - SQL Injection
Webmin <1.990 - Improper Access Control
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress Best Books <=2.6.3 - SQL Injection
SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
UpdraftPlus < 1.22.9 - Cross-Site Scripting
WordPress ARPrice <3.6.1 - SQL Injection
nitely/spirit 0.12.3 - Open Redirect
Gogs <0.12.5 - Server-Side Request Forgery
Member Hero <=1.0.9 - Remote Code Execution
Header Footer Code Manager < 1.1.24 - Cross-Site Scripting
Microweber < 1.2.12 - Stored Cross-Site Scripting
WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
WordPress Stop Bad Bots <6.930 - SQL Injection
WordPress Sitemap by click5 <1.0.36 - Missing Authorization
Microweber <1.2.11 - Stored Cross-Site Scripting
Microweber <1.2.12 - Stored Cross-Site Scripting
Microweber <1.2.12 - Integer Overflow
WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
WordPress WooCommerce <3.1.2 - Arbitrary Function Call
Sophos Firewall <=18.5 MR3 - Remote Code Execution
WordPress RSVP and Event Management <2.7.8 - Missing Authorization
WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
Gitea <1.16.5 - Open Redirect
WordPress Simple File List <3.2.8 - Local File Inclusion
GitLab CE/EE - Hard-Coded Credentials
WordPress WP JobSearch <1.5.1 - Cross-Site Scripting
JobMonster < 4.5.2.9 - Cross-Site Scripting
WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
Elementor Website Builder - Remote Code Execution
WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
F5 BIG-IP iControl - REST Auth Bypass RCE
WordPress Admin Word Count Column 2.2 - Local File Inclusion
WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
Microweber <1.2.15 - Cross-Site Scripting
WordPress Metform <=2.1.3 - Information Disclosure
WordPress HTML2WP <=1.0.0 - Arbitrary File Upload
Site Offline WP Plugin < 1.5.3 - Authorization Bypass
WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
WordPress WPQA <5.4 - Cross-Site Scripting
WordPress WPQA <5.5 - Improper Access Control
The School Management < 9.9.7 - Remote Code Execution
Drawio <18.0.4 - Server-Side Request Forgery
WordPress Simple Membership <4.1.1 - Cross-Site Scripting
Newsletter < 7.4.5 - Cross-Site Scripting
WordPress RSVPMaker <=9.3.2 - SQL Injection
Drawio <18.1.2 - Server-Side Request Forgery
Terraboard <2.2.0 - SQL Injection
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting
WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting
WordPress CDI <5.1.9 - Cross Site Scripting
WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
WordPress Gallery <2.0.0 - Cross-Site Scripting
WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
WordPress Sensei LMS <4.5.0 - Information Disclosure
Microweber < 1.2.17 - Cross-Site Scripting
Oracle WebLogic Server Local File Inclusion
Oracle E-Business Suite <=12.2 - Authentication Bypass
Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
WordPress <5.8.3 - SQL Injection
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting
October CMS - Remote Code Execution
microweber 1.2.18 - Cross-site Scripting
GitLab CE/EE - Remote Code Execution
WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
Unyson < 2.7.27 - Cross Site Scripting
Juniper Web Device Manager - Cross-Site Scripting
SAP Memory Pipes (MPI) Desynchronization
Apache ShardingSphere ElasticJob-UI privilege escalation
PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
Trilium <0.52.4 - Cross-Site Scripting
Spring Cloud Gateway Code Injection
VMware Workspace ONE Access - Server-Side Template Injection
Spring Cloud - Remote Code Execution
Spring - Remote Code Execution
VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
SINEMA Remote Connect Server < V2.0 - Open Redirect
Zabbix - SAML SSO Authentication Bypass
Zabbix Setup Configuration Authentication Bypass
WordPress VR Calendar <=2.3.2 - Remote Code Execution
Crestron Device - Credentials Disclosure
BigAnt Server v5.6.06 - Local File Inclusion
BigAnt Server 5.6.06 - Improper Access Control
MeterSphere < 2.5.0 SSRF
WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
WordPress Directorist <7.3.1 - Information Disclosure
Zoho ManageEngine - Internal Hostname Disclosure
WordPress Easy Student Results <=2.2.8 - Improper Authorization
phpMyAdmin < 5.1.2 - Cross-Site Scripting
WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
ZZZCMS zzzphp 2.1.0 - Remote Code Execution
MCMS 5.2.5 - SQL Injection
Apache ShenYu Admin Unauth Access
Apache APISIX - Remote Code Execution
Casdoor 1.13.0 - Unauthenticated SQL Injection
Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
FreeIPA - XML Entity Injection
PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
Atom CMS v2.0 - SQL Injection
VoipMonitor - Pre-Auth SQL Injection
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 - SQL injection
Apache Airflow OS Command Injection
SmarterTools SmarterTrack - Cross-Site Scripting
WordPress Transposh <=1.0.8.1 - Information Disclosure
AudioCodes Device Manager Express - SQL Injection
Open Web Analytics 1.7.3 - Remote Code Execution
Garage Management System 1.0 - SQL Injection
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
Icinga Web 2 - Arbitrary File Disclosure
GeoServer <1.2.2 - Remote Code Execution
XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure
Flyte Console <0.52.0 - Server-Side Request Forgery
Wavlink WN535K2/WN535K3 - OS Command Injection
Wavlink WN535K2/WN535K3 - OS Command Injection
Wavlink WN535K2/WN535K3 - OS Command Injection
Contao <4.13.3 - Cross-Site Scripting
Piano LED Visualizer 1.3 - Local File Inclusion
TerraMaster TOS < 4.2.30 Server Information Disclosure
TOTOLink - Unauthenticated Command Injection
MCMS 5.2.4 - SQL Injection
WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
DVDFab 12 Player/PlayerFab - Local File Inclusion
ThinVNC - Authentication Bypass
ZEROF Web Server 2.0 - Cross-Site Scripting
SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure
Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
WordPress Ninja Job Board < 1.3.3 - Direct Request
WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
ThinkPHP 5.0.24 - Information Disclosure
Cuppa CMS v1.0 - Local File Inclusion
Cuppa CMS v1.0 - Local File Inclusion
Atom CMS v2.0 - Remote Code Execution
Atom CMS v2.0 - SQL Injection
Atom CMS v2.0 - Cross-Site Scripting
Cuppa CMS v1.0 - Local File Inclusion
WordPress Duplicator <1.4.7 - Authentication Bypass
Duplicator < 1.4.7.1 - Information Disclosure
MotionEye Config Info Disclosure
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
Confluence - Remote Code Execution
Atlassian Questions For Confluence - Hardcoded Credentials
Grafana & Zabbix Integration - Credentials Disclosure
Ametys CMS Information Disclosure
Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
Yonyou U8 13.0 - Cross-Site Scripting
WordPress Newspaper < 12 - Cross-Site Scripting
74cmsSE v3.4.1 - Arbitrary File Read
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
DotCMS - Arbitrary File Upload
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
elFinder <=2.1.60 - Local File Inclusion
Yearning - Directory Traversal
Openemr < 7.0.0.1 - Cross-Site Scripting
Kavita <0.5.4.1 - Server-Side Request Forgery
QNAP QTS Photo Station External Reference - Local File Inclusion
WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability
Zimbra Collaboration (ZCS) - Cross Site Scripting
Microfinance Management System 1.0 - SQL Injection
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 - SQL injection
Atom CMS v2.0 - SQL Injection
Atom.CMS 2.0 - SQL Injection
College Management System 1.0 - SQL Injection
Royal Event - SQL Injection
Navigate CMS 2.9.4 - Server-Side Request Forgery
Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution
WordPress Country Selector <1.6.6 - Cross-Site Scripting
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 - Information Disclosure
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
Caddy 2.4.6 - Open Redirect
D-Link DIR-816L - Improper Access Control
Diary Management System 1.0 - Cross-Site Scripting
Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
Directory Management System 1.0 - SQL Injection
Dairy Farm Shop Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 - SQL Injection
Razer Sila Gaming Router - Remote Code Execution
Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion
Node.js Embedded JavaScript 3.1.6 - Template Injection
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
Nagios XI <5.8.5 - Open Redirect
SolarView Compact 6.00 - Local File Inclusion
SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
SolarView Compact 6.00 - 'pow' Cross-Site Scripting
SolarView Compact 6.00 - OS Command Injection
kkFileView 4.0.0 - Cross-Site Scripting
NETGEAR ProSafe SSL VPN firmware - SQL Injection
WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
WSO2 Management - Arbitrary File Upload & Remote Code Execution
WSO2 - Cross-Site Scripting
iSpy 7.2.2.0 - Authentication Bypass
WBCE CMS 1.5.2 - Cross-Site Scripting
Wavlink WN-535G3 - Cross-Site Scripting
School Dormitory Management System 1.0 - SQL Injection
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
Zyxel Firewall - OS Command Injection
Simple File List < 4.4.12 - Cross Site Scripting
Atmail 6.5.0 - Cross-Site Scripting
Parallels H-Sphere 3.6.1713 - Cross-Site Scripting
Roxy-WI <6.1.1.0 - Remote Code Execution
ResourceSpace - Metadata Export
Gitblit 1.9.3 - Local File Inclusion
Linear eMerge E3-Series - Information Disclosure
Haraj 3.7 - Cross-Site Scripting
SolarView Compact 6.00 - Cross-Site Scripting
NEX-Forms Plugin < 7.9.7 - SQL Injection
Axigen WebMail - Cross-Site Scripting
BackupBuddy - Local File Inclusion
Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
VMware - Local File Inclusion
Nortek Linear eMerge E3-Series - Cross-Site Scripting
pfSense pfBlockerNG <=2.1.4_26 - OS Command Injection
WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure
Codoforum 5.1 - Arbitrary File Upload
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 - SQL injection
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 - SQL Injection
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 - SQL Injection
Hospital Management System 1.0 - SQL Injection
Open edX <2022-06-06 - Cross-Site Scripting
Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
Microweber <1.3.2 - Cross-Site Scripting
MSNSwitch Firmware MNT.2408 - Authentication Bypass
Lin CMS Spring Boot - Default JWT Token
u5cms v8.3.5 - Open Redirect
WWBN AVideo 11.6 - Cross-Site Scripting
WWBN AVideo 11.6 - Cross-Site Scripting
WWBN AVideo 11.6 - Cross-Site Scripting
NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting
Powertek Firmware <3.30.30 - Authorization Bypass
Apache Spark UI - Remote Command Injection
WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read
WordPress Visitor Statistics <=5.7 - SQL Injection
WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN533A8 - Improper Access Control
WAVLINK WN530HG4 - Improper Access Control
Wavlink WN-533A8 - Cross-Site Scripting
WAVLINK WN530HG4 - Improper Access Control
Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting
Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting
CuppaCMS v1.0 - Local File Inclusion
RWS WorldServer - Authentication Bypass
PMB 7.3.10 - Cross-Site Scripting
Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
WAVLINK WN535 G3 - Improper Access Control
Hospital Management System 1.0 - SQL Injection
SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution
WordPress WPB Show Core - Cross-Site Scripting
WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting
kkFileView 4.1.0 - Cross-Site Scripting
Zoho ManageEngine - Remote Code Execution
WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
eShop 3.0.4 - Cross-Site Scripting
Moodle LTI module Reflected - Cross-Site Scripting
WordPress ProfileGrid <5.1.1 - Cross-Site Scripting
GLPI <=10.0.2 - Remote Command Execution
Webmin <1.997 - Authenticated Remote Code Execution
ZK Framework - Information Disclosure
Hytec Inter HWL-2511-SS - Remote Command Execution
Omnia MPX 1.5.0+r1 - Local File Inclusion
Atlassian Bitbucket - Remote Command Injection
Jenkins Git <=4.11.3 - Missing Authorization
Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
Artica Proxy 4.30.000000 - Cross-Site Scripting
Cuppa CMS v1.0 - Remote Code Execution
Cuppa CMS v1.0 - Authenticated Local File Inclusion
Shirne CMS 1.2.0 - Local File Inclusion
phpMyFAQ < 3.1.8 - Cross-Site Scripting
WordPress WPSmartContracts <1.3.12 - SQL Injection
IBAX - SQL Injection
RStudio Connect - Open Redirect
Cuppa CMS v1.0 - Cross Site Scripting
Cuppa CMS v1.0 - Arbitrary File Upload
Temenos Transact - Cross-Site Scripting
ServiceNow - Cross-Site Scripting
CRM Perks Forms < 1.1.1 - Cross Site Scripting
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Hospital Management System 1.0 - SQL Injection
Froxlor < 0.10.38.2. - HTML Injection
Zaver - Local File Inclusion
Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
Free5gc 3.2.1 - Information Disclosure
ServiceNow - Cross-site Scripting
WordPress Helloprint <1.4.7 - Cross-Site Scripting
LISTSERV 17 - Cross-Site Scripting
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
WordPress FlatPM <3.0.13 - Cross-Site Scripting
Sophos Mobile managed on-premises - XML External Entity Injection
WordPress Booking Calendar <3.2.2 - Arbitrary File Upload
Fortinet FortiNAC - Arbitrary File Write
Jira Netic Group Export <1.0.3 - Missing Authorization
RaspAP 2.8.7 - Unauthenticated Command Injection
Symmetricom SyncServer Unauthenticated - Remote Command Execution
Simple Task Managing System v1.0 - SQL Injection
Flatpress < v1.2.1 - Cross Site Scripting
Labstack Echo 4.8.0 - Open Redirect
AirFlow < 2.4.0 - Remote Code Execution
Kae's File Manager <=1.4.7 - Cross-Site Scripting
ZZCMS 2022 - Path Information Disclosure
WP User <= 7.0 - Unauthenticated SQLi
WordPress JoomSport <5.2.8 - SQL Injection
Autoptimize < 3.1.0 - Information Disclosure
Cryptocurrency Widgets Pack < 2.0 - SQL Injection
WordPress User Post Gallery <=2.19 - Remote Code Execution
pfSense pfBlockerNG - OS Command Injection
WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
Fortinet - Authentication Bypass
Laravel Filemanager v2.5.1 - Local File Inclusion
Tenda AC1200 V-W15Ev2 - Authentication Bypass
kkFileView 4.1.0 - Cross-Site Scripting
SolarView 6.00 - Remote Command Execution
WordPress IWS Geo Form Fields <=1.0 - SQL Injection
WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery
ReQlogic v11.3 - Cross Site Scripting
RPCMS 3.0.2 - Cross-Site Scripting
F5 BIG-IP Appliance Mode - Command Injection
Welcart eCommerce <=2.7.7 - Local File Inclusion
Backdrop CMS version 1.23.0 - Stored Cross Site Scripting
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
Tenda 11N - Authentication Bypass
WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 - Cross-Site Scripting
Show all comments < 7.0.1 - Cross-Site Scripting
WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 - Cross-Site Scripting
Login as User or Customer < 3.3 - Privilege Escalation
WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
kkFileView 4.1.0 - Server-Side Request Forgery
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross-Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross-Site Scripting
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
Mingsoft MCMS - SQL Injection
Hitachi Pentaho Business Analytics Server - Remote Code Execution
WebTareas 2.4p5 - SQL Injection
WebTareas 2.4p5 - SQL Injection
WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure
WordPress Fontsy <=1.8.6 - SQL Injection
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross-Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross-Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel <= 3.2.1 - Cross Site Scripting
WebTareas 2.4p5 - Cross-Site Scripting
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
Linx Sphere - Directory Traversal
Download Monitor <= 4.7.60 - Sensitive Information Exposure
WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery
Stock Ticker <= 3.23.2 - Cross-Site-Scripting
WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
ILIAS eLearning <7.16 - Open Redirect
KubeView <=0.1.31 - Information Disclosure
WBCE CMS v1.5.4 - Remote Code Execution
Helmet Store Showroom v1.0 - SQL Injection
Helmet Store Showroom - Cross Site Scripting
Cacti <=1.2.22 - Remote Command Injection
Linear eMerge E3-Series - Cross-Site Scripting
Bangresto - SQL Injection
Harbor <=2.5.3 - Unauthorized Access
NexusPHP <1.7.33 - Cross-Site Scripting
kkFileView 4.1.0 - Cross-Site Scripting
Masa CMS - Authentication Bypass
Mura CMS <10.0.580 - Authentication Bypass
Smart Office Web 20.28 - Information Disclosure
Apache OFBiz < 18.12.07 - Local File Inclusion
LearnPress Plugin < 4.2.0 - Local File Inclusion
Thinkphp Lang - Local File Inclusion
ManageEngine - Remote Command Execution
IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution
OpenCATS 0.9.7 - Cross-Site Scripting
Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
Wavlink - Improper Access Control
Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
WordPress BackupBuddy <8.8.3 - Cross Site Scripting
2023
Simple URLs < 115 - Cross Site Scripting
SonicWall SMA1000 LFI
Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
WordPress Tutor LMS <2.0.10 - Cross Site Scripting
WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting
WP Helper Lite < 4.3 - Cross-Site Scripting
Membership Database <= 1.0 - Cross-Site Scripting
Online Security Guards Hiring System - Cross-Site Scripting
WordPress Pie Register <3.8.2.3 - Open Redirect
Bank Locker Management System v1.0 - SQL Injection
Bank Locker Management System - Cross-Site Scripting
WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection
Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting
Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
Fortra GoAnywhere MFT - Remote Code Execution
phpIPAM 1.5.1 - Cross-site Scripting
PHPIPAM <v1.5.1 - Missing Authorization
modoboa 2.0.4 - Admin TakeOver
AP Pricing Tables Lite <= 1.1.6 - SQL Injection
WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting
Flatpress < 1.3 - Path Traversal
WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection
WordPress GN Publisher <1.5.6 - Cross-Site Scripting
WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting
Mlflow <2.2.1 - Local File Inclusion
Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
osTicket < v1.16.6 - Cross-Site Scripting
osTicket < v1.16.6 - Cross-Site Scripting
osTicket < v1.16.6 - Cross-Site Scripting
unilogies/bumsys < v2.0.2 - Clickjacking
Video List Manager <= 1.7 - SQL Injection
Odoo - Cross-Site Scripting
Jeecg-boot 3.5.0 qurestSql - SQL Injection
Imgproxy < 3.14.0 - Cross-site Scripting (XSS)
MyCryptoCheckout < 2.124 - Cross-Site Scripting
Sophos Web Appliance - Remote Code Execution
WAGO - Remote Command Execution
Bitrix Component - Cross-Site Scripting
SupportCandy < 3.1.5 - Unauthenticated SQL Injection
Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting
Ninja Forms < 3.6.22 - Cross-Site Scripting
Phpmyfaq v3.1.11 - Cross-Site Scripting
Tablesome < 1.0.9 - Cross-Site Scripting
Sidekiq < 7.0.8 - Cross-Site Scripting
Cisco VPN Routers - Unauthenticated Arbitrary File Upload
Pretty Url <= 1.5.4 - Cross-Site Scripting
Cisco IOS XE - Authentication Bypass
Custom 404 Pro < 3.7.3 - Cross-Site Scripting
DedeCMS 5.7.87 - Directory Traversal
VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
VMware VRealize Network Insight - Remote Code Execution
VMware Aria Operations for Networks - Remote Code Execution
VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
Purchase Order Management v1.0 - SQL Injection
Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
Oracle Peoplesoft - Unauthenticated File Read
Adobe Connect < 12.1.5 - Local File Disclosure
Seo By 10Web < 1.2.7 - Cross-Site Scripting
Modoboa < 2.1.0 - Improper Authorization
Web2py URL - Open Redirect
KubePi JwtSigKey - Admin Authentication Bypass
KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access
KubeOperator Foreground `kubeconfig` - File Download
Atlassian Confluence - Privilege Escalation
Atlassian Confluence Server - Improper Authorization
Directorist < 7.5.4 - Local File Inclusion
Atlassian Confluence - Remote Code Execution
WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
SecurePoint UTM 12.x Session ID Leak
Strapi Versions <=4.5.5 - SSTI to Remote Code Execution
Tiempo.com <= 0.1.2 - Cross-Site Scripting
Strapi Versions <=4.5.6 - Authentication Bypass
Securepoint UTM - Leaking Remote Memory Contents
SugarCRM Unauthenticated - Remote Code Execution
wpForo Forum <= 2.1.8 - Cross-Site Scripting
Art Gallery Management System Project v1.0 - Cross-Site Scripting
SolarView Compact 6.00 - OS Command Injection
WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection
WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
Quick Event Manager < 9.7.5 - Cross-Site Scripting
Login with Phone Number - Cross-Site Scripting
Mlflow <2.3.0 - Local File Inclusion
Joomla! Webservice - Password Disclosure
CData RSB Connect v22.0.8336 - Server Side Request Forgery
Squidex <7.4.0 - Cross-Site Scripting
mojoPortal 2.7.0.0 - Cross-Site Scripting
Temenos T24 R20 - Cross-Site Scripting
Citrix Gateway and Citrix ADC - Cross-Site Scripting
Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
phpIPAM - 1.6 - Cross-Site Scripting
PMB 7.4.6 - Cross-Site Scripting
PMB 7.4.6 - Open Redirect
PMB v7.4.6 - Cross-Site Scripting
Appium Desktop Server - Remote Code Execution
vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution
GeoServer OGC Filter - SQL Injection
WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting
Apache Druid Kafka Connect - Remote Code Execution
ChurchCRM 4.5.3 - Cross-Site Scripting
Metersphere - Arbitrary File Read
Ruckus Wireless Admin - Remote Code Execution
ZoneMinder Snapshots - Command Injection
Lexmark Printers - Command Injection
KiviCare WordPress Plugin - Cross-Site Scripting
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
Adobe Coldfusion - Authentication Bypass
Adobe ColdFusion - Local File Read
Jorani 1.0.0 - Remote Code Execution
Weaver E-Office 9.5 - Remote Code Execution
ChurchCRM 4.5.3 - Cross-Site Scripting
ChurchCRM 4.5.3 - Cross-Site Scripting
ATutor < 2.2.1 - Cross Site Scripting
PrestaShop AdvancedPopupCreator - SQL Injection
Jms Blog - SQL Injection
Appwrite <=1.2.1 - Server-Side Request Forgery
GDidees CMS v3.9.1 - Arbitrary File Download
OpenCATS - Open Redirect
MStore API <= 3.9.2 - Authentication Bypass
PaperCut - Unauthenticated Remote Code Execution
SPIP - Remote Command Execution
WordPress Core <=6.2 - Directory Traversal
Home Assistant Supervisor - Authentication Bypass
Apache Superset - Authentication Bypass
Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
PrestaShop TshirteCommerce - Directory Traversal
PrestaShop tshirtecommerce - Directory Traversal
L-Soft LISTSERV 16.5 - Cross-Site Scripting
Weaver OA 9.5 - Information Disclosure
Super Socializer < 7.13.52 - Cross-Site Scripting
Mlflow <2.3.1 - Local File Inclusion Bypass
PrestaShop xipblog - SQL Injection
Newsletter < 7.6.9 - Cross-Site Scripting
EventON <= 2.1 - Missing Authorization
WooCommerce Payments - Unauthorized Admin Access
WordPress Multiple Themes - Reflected Cross-Site Scripting
Ellucian Ethos Identity CAS - Cross-Site Scripting
GitLab 16.0.0 - Path Traversal
Altenergy Power Control Software C1.2.5 - Remote Command Injection
MinIO Cluster Deployment - Information Disclosure
WordPress Gift Cards <= 4.3.1 - SQL Injection
Woo Bulk Price Update <2.2.2 - Cross-Site Scripting
ManageEngine ADManager Plus - Command Injection
XWiki - Open Redirect
Adobe ColdFusion - Access Control Bypass
Adobe ColdFusion - Pre-Auth Remote Code Execution
Microsoft SharePoint - Authentication Bypass
FooGallery plugin <= 2.2.35 - Cross-Site Scripting
OpenEMR < 7.0.1 - Cross-Site Scripting
cPanel < 11.109.9999.116 - Cross-Site Scripting
OpenEMR < 7.0.1 - Cross-site Scripting
XWiki >= 13.10.8 - Cross-Site Scripting
Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
Embedded JavaScript(EJS) 3.1.6 - Template Injection
Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion
SolarView Compact <= 6.00 - Local File Inclusion
PowerJob V4.3.1 - Authentication Bypass
PowerJob <=4.3.2 - Unauthenticated Access
TOTOLink - Unauthenticated Command Injection
Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)
PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
OURPHP <= 7.2.0 - Cross Site Scripting
OURPHP <= 7.2.0 - Cross Site Scripting
Webkul QloApps 1.5.2 - Cross-site Scripting
MagnusBilling - Unauthenticated Remote Code Execution
Cacti < 1.2.25 Insecure Deserialization
Rudder Server < 1.3.0-rc.1 - SQL Injection
MStore API < 3.9.8 - SQL Injection
Advanced Custom Fields < 6.1.6 - Cross-Site Scripting
Tree Page View Plugin < 1.6.7 - Cross-Site Scripting
Moodle - Cross-Site Scripting/Remote Code Execution
Repetier Server - Directory Traversal
Cassia Gateway Firmware - Remote Code Execution
TimeKeeper by FSMLabs - Remote Code Execution
GL.iNET SSID Key Disclosure
ChurchCRM v4.5.3 - Cross-Site Scripting
Owncast - Server Side Request Forgery
XWiki - Open Redirect
Netmaker - Hardcoded DNS Secret Key
Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
EventON Lite < 2.1.2 - Arbitrary File Download
Ghost CMS < 5.42.1 - Path Traversal
WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
Openfire Administration Console - Authentication Bypass
Ivanti Avalanche - Remote Code Execution
Old Age Home Management System v1.0 - SQL Injection
BlogEngine CMS - Open Redirect
Faculty Evaluation System v1.0 - SQL Injection
Faculty Evaluation System v1.0 - Remote Code Execution
LMS by Masteriyo < 1.6.8 - Information Exposure
Jeecg P3 Biz Chat - Local File Inclusion
Dolibarr Unauthenticated Contacts Database Theft
H3C Magic R300-2100M - Remote Code Execution
Chamilo LMS <= v1.11.20 Unauthenticated Command Injection
WAVLINK WN579X3 - Remote Command Execution
FUXA - Unauthenticated Remote Code Execution
Uncanny Toolkit for LearnDash - Open Redirection
SRS - Command Injection
SonicWall GMS and Analytics Web Services - Shell Injection
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Kyocera TASKalfa printer - Path Traversal
MOVEit Transfer - Remote Code Execution
Hoteldruid 3.0.5 - Cross-Site Scripting
Gibbon v25.0.0 - Local File Inclusion
Gibbon v25.0.0 - Cross-Site Scripting
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
JeecgBoot 3.5.0 - SQL Injection
bloofoxCMS v0.5.2.1 - SQL Injection
bloofoxCMS v0.5.2.1 - SQL Injection
bloofoxCMS v0.5.2.1 - SQL Injection
Bloofox v0.5.2.1 - SQL Injection
bloofoxCMS v0.5.2.1 - SQL Injection
Bloofox v0.5.2.1 - SQL Injection
Hestiacp <= 1.7.7 - Cross-Site Scripting
Traggo Server - Local File Inclusion
Chamilo Command Injection
Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
MobileIron Core - Remote Unauthenticated API Access
XWiki - Cross-Site Scripting
XWiki >= 6.0-rc-1 - Cross-Site Scripting
XWiki - Cross-Site Scripting
XWiki >= 3.4-milestone-1 - Cross-Site Scripting
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki >= 6.2-milestone-1 - Cross-Site Scripting
XWiki < 14.10.5 - Cross-Site Scripting
FOSSBilling < 0.5.3 - Cross-Site Scripting
DedeCMS 5.7.109 - Server-Side Request Forgery
Sitecore - Remote Code Execution
NocoDB version <= 0.106.1 - Arbitrary File Read
Lightdash version <= 0.510.3 Arbitrary File Read
Cloudpanel 2 < 2.3.1 - Remote Code Execution
Intelbras Switch - Information Disclosure
QloApps 1.6.0 - SQL Injection
Webkul QloApps 1.6.0 - Cross-site Scripting
Webkul QloApps 1.6.0 - Cross-site Scripting
Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
POS Codekop v2.0 - Cross Site Scripting
POS Codekop v2.0 - Broken Authentication
Juniper Devices - Remote Code Execution
Juniper J-Web - Remote Code Execution
MOVEit Transfer - SQL Injection
Honeywell PM43 Printers - Command Injection
CasaOS < 0.4.4 - Authentication Bypass via Internal IP
CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token
Piwigo 13.7.0 - SQL Injection
XWiki Platform - Remote Code Execution
Copyparty <= 1.8.2 - Directory Traversal
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Issabel PBX 4.0.0-6 - Directory Listing
Online Piggery Management System v1.0 - Unauthenticated File Upload
EyouCms v1.6.3 - Information Disclosure
MLflow Absolute Path Traversal
NextGen Mirth Connect - Remote Code Execution
IceWarp Webmail Server v10.2.1 - Cross Site Scripting
Ninja Forms < 3.6.26 - Cross-Site Scripting
Ivanti Sentry - Authentication Bypass
Revive Adserver 5.4.1 - Cross-Site Scripting
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
SuperWebMailer - Cross-Site Scripting
Adobe ColdFusion - Deserialization of Untrusted Data
Adobe ColdFusion - Access Control Bypass
Dahua Smart Park Management - Arbitrary File Upload
mooDating 1.2 - Cross-site scripting
Fujitsu IP Series - Hardcoded Credentials
MooDating 1.2 - Cross-Site Scripting
MooDating 1.2 - Cross-Site Scripting
MooDating 1.2 - Cross-Site Scripting
MooDating 1.2 - Cross-Site scripting
MooDating 1.2 - Cross-site scripting
mooDating 1.2 - Cross-site scripting
CopyParty v1.8.6 - Cross Site Scripting
Metabase < 0.46.6.1 - Remote Code Execution
Academy LMS 6.0 - Cross-Site Scripting
Jeecg-Boot v3.5.1 - SQL Injection
OPNsense - Cross-Site Scripting
OPNsense - Cross-Site Scripting to RCE
Harman Media Suite <= 4.2.0 - Local File Disclosure
FileMage Gateway - Directory Traversal
rConfig 3.9.4 - Server-Side Request Forgery
rConfig 3.9.4 - Server-Side Request Forgery
rConfig 3.9.4 - Server-Side Request Forgery
Nodogsplash - Directory Traversal
Aria2 WebUI - Path traversal
PaperCut < 22.1.3 - Path Traversal
Blog2Social < 7.2.1 - Cross-Site Scripting
Cacti 1.2.24 - SQL Injection
ECTouch v2 - SQL Injection
IceWarp Email Client - Cross Site Scripting
IceWarp 11.4.6.0 - Cross-Site Scripting
PrestaShop Theme Volty CMS Blog - SQL Injection
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
PrestaShop MyPrestaModules - PhpInfo Disclosure
IceWarp Mail Server v10.4.5 - Cross-Site Scripting
WBCE 1.6.0 - SQL Injection
Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
Stock Ticker <= 3.23.2 - Cross-Site Scripting
Axigen WebMail - Cross-Site Scripting
LG Simple Editor <= v3.21.0 - Command Injection
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script v3.0 - SQL Injection
PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting
PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting
PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting
PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect
Nagios XI v5.11.0 - SQL Injection
PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting
SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection
PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting
PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
PHPJabbers Service Booking Script 1.0 - Cross Site Scripting
PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting
PHPJabbers Taxi Booking 2.0 - Cross Site Scripting
Qlik Sense Enterprise - HTTP Request Smuggling
Qlik Sense Enterprise - Path Traversal
Ditty < 3.1.25 - Cross-Site Scripting
Store Locator WordPress < 1.4.13 - Cross-Site Scripting
PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting
EyouCms v1.6.2 - Cross-Site Scripting
JFinalCMS v5.0.0 - Directory Traversal
Emlog Pro v2.1.14 - Cross-Site Scripting
RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting
Adlisting Classified Ads 2.14.0 - Information Disclosure
Ruijie RG-EW1200G Router - Password Reset
mooSocial 3.1.8 - Reflected XSS
mooSocial 3.1.6 - Reflected Cross Site Scripting
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution
Chamilo LMS <= 1.11.24 - Remote Code Execution
OpenCMS - Cross-Site Scripting
OpenCMS - XML external entity (XXE)
JumpServer > 3.6.4 - Information Disclosure
JetBrains TeamCity < 2023.05.4 - Remote Code Execution
WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
NodeBB XML-RPC Request xmlrpc.php - XML Injection
NextGen Healthcare Mirth Connect - Remote Code Execution
Milesight Routers - Information Disclosure
mooSocial 3.1.8 - External Service Interaction
MooSocial 3.1.8 - Cross-Site Scripting
MooSocial 3.1.8 - Cross-Site Scripting
Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 - SQL Injection
MLFlow < 2.8.1 - Sensitive Information Disclosure
PyTorch TorchServe SSRF
ShokoServer System - Local File Inclusion (LFI)
GeoServer WPS - Server Side Request Forgery
mojoPortal v.2.7.0.0 - Cross-Site Scripting
Ruijie RG-EW1200G Router Background - Login Bypass
Adobe ColdFusion - Cross-Site Scripting
Adobe ColdFusion WDDX Deserialization Gadgets
Piwigo - Cross-Site Scripting
JeecgBoot JimuReport - Template injection
Cockpit - Cross-Site Scripting
mooSocial v.3.1.8 - Cross-Site Scripting
mooSocial v.3.1.8 - Cross-Site Scripting
WordPress Job Portal < 2.0.6 - SQL Injection
XWiki < 14.10.14 - Cross-Site Scripting
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
PrestaShop PireosPay - SQL Injection
D-Link DAR-8000-10 - Command Injection
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
MooSocial 3.1.8 - Cross-Site Scripting
Frigate < 0.13.0 Beta 3 - Cross-Site Scripting
PaperCut NG Unauthenticated XMLRPC Functionality
Leantime < 2.4 - Authenticated SQL Injection
Viessmann Vitogate 300 - Remote Code Execution
qdPM 9.2 - Directory Traversal
WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload
Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
PrestaShop Step by Step products Pack - SQL Injection
cPH2 Charging Station v1.87.0 - OS Command Injection
GL.iNet <= 4.3.7 - Arbitrary File Write
TOTOLINK A3700R - Command Injection
XWiki < 14.10.14 - Cross-Site Scripting
F5 BIG-IP - Unauthenticated RCE via AJP Smuggling
Ivanti ICS - Authentication Bypass
ISPConfig - PHP Code Injection
Chaosblade < 1.7.4 - Remote Code Execution
Label Studio - Cross-Site Scripting
Label Studio - Sensitive Information Exposure
PlayTube 3.0.1 - Information Disclosure
ManageEngine OpManager - Directory Traversal
QNAP QTS and QuTS Hero - OS Command Injection
SysAid Server - Remote Code Execution
PyArrow Flight RPC - Remote Code Execution
Qualitor <= 8.20 - Remote Code Execution
SuiteCRM Unauthenticated GraphQL Introspection
Essential Grid <= 3.1.0 - Cross-Site Scripting
Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
Nagios XI < 5.11.3 - SQL Injection
XWiki < 4.10.15 - Information Disclosure
WWBN AVideo 11.6 - Cross-Site Scripting
WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
Apache OFBiz < 18.12.10 - Arbitrary Code Execution
OwnCloud - Phpinfo Configuration
KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
DedeCMS v5.7.111 - Cross-Site Scripting
Citrix Bleed - Leaking Session Tokens
Academy LMS 6.2 - Cross-Site Scripting
Academy LMS 6.2 - SQL Injection
ChatGPT-Next-Web - SSRF/XSS
Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
reNgine 2.2.0 - Command Injection
Apache Solr - Host Environment Variables Leak via Metrics API
XWiki < 4.10.15 - Sensitive Information Disclosure
XWiki < 4.10.15 - Email Disclosure
D-Link D-View 8 v2.0.1.28 - Authentication Bypass
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
MajorDoMo thumb.php - OS Command Injection
Apache OFBiz < 18.12.11 - Server Side Request Forgery
Gradio Hugging Face - Local File Inclusion
Apache OFBiz < 18.12.11 - Remote Code Execution
Winter CMS Local File Inclusion - (LFI)
Viessmann Vitogate 300 - Hardcoded Password
Kafka UI 0.7.1 Command Injection
Microweber < V.2.0 - Cross-Site Scripting
WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
Mosparo < 1.0.2 - Open Redirect
Structurizr on-premises - Cross Site Scripting
LearnPress < 4.2.5.5 - Cross-Site Scripting
WordPress Core - Post Author Email Disclosure
ColumbiaSoft DocumentLocator - Improper Authentication
phpMyFAQ < 3.2.0 - Cross-site Scripting
Citrix StoreFront - Cross-Site Scripting
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
Mlflow - Arbitrary File Write
Ray Static File - Local File Inclusion
Ray API - Local File Inclusion
VertaAI ModelDB - Path Traversal
H2O ImportFiles - Local File Inclusion
WP Fastest Cache 1.2.2 - SQL Injection
Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
TOTVS Fluig Platform - Cross-Site Scripting
Control iD iDSecure - Authentication Bypass
WordPress My Calendar <3.4.22 - SQL Injection
OpenCMS 14 & 15 - Cross Site Scripting
OpenCms 14 & 15 - Open Redirect
WordPress Toolbar <= 2.2.6 - Open Redirect
WordPress Download Manager - File Password Exposure
Seriously Simple Podcasting < 3.0.0 - Information Disclosure
Prime Mover < 1.9.3 - Sensitive Data Exposure
WordPress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
LearnPress <= 4.2.5.7 - SQL Injection
Mlflow - Cross-Site Scripting
Essential Blocks < 4.4.3 - Local File Inclusion
LearnPress < 4.2.5.8 - Remote Code Execution
WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting
Payment Gateway for Telcell < 2.0.4 - Open Redirect
mlflow - Path Traversal
WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
Hikvision IP ping.php - Command Execution
Mlflow <2.9.2 - Path Traversal
Mlflow <2.8.0 - Local File Inclusion
Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
GitLab - Account Takeover via Password Reset
System Dashboard < 2.8.10 - Cross-Site Scripting
2024
PAN-OS Management Web Interface - Authentication Bypass
SpiderFlow Crawler Platform - Remote Code Execution
GitHub Enterprise Authenticated Remote Code Execution
Fortra GoAnywhere MFT - Authentication Bypass
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
Ncast busiFacade - Remote Command Execution
Travelpayouts <= 1.1.16 - Open Redirect
Likeshop < 2.5.7.20210311 - Arbitrary File Upload
Monitorr Services Configuration - Arbitrary File Upload
Combo Blocks < 2.2.76 - Improper Access Control
Smart S210 Management Platform - Arbitrary File Upload
Issabel Authenticated - Remote Code Execution
CodeChecker <= 6.24.1 - Authentication Bypass
Rebuild <= 3.5.5 - Server-Side Request Forgery
Tutor LMS <= 2.7.6 - SQL Injection
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
WordPress HTML5 Video Player - SQL Injection
WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
WordPress Plugin MainWP Child - Authentication Bypass
GPT Academic v1.3.9 - Open Redirect
FastChat - Open Redirect
D-Link NAS - Command Injection via Name Parameter
D-Link NAS - Command Injection via Group Parameter
Really Simple Security < 9.1.2 - Authentication Bypass
Stable Diffusion Webui 1.10.0 - Open Redirect
Korenix JetPort 5601v3 - Path Traversal
Altenergy Power Control Software - SQL Injection
Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export
ProjectSend <= r1605 - Improper Authorization
KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection
Download Manager < 3.3.04 - Unauthenticated Arbitrary Shortcode Execution
Gradio - Server Side Request Forgery
Give WP Plugin < 3.19.0 - Cross-Site Scripting
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
LearnDash LMS < 4.10.2 - Sensitive Information Exposure
Progress Kemp LoadMaster - Command Injection
WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
BentoML v1.3.9 - Open Redirect
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read
WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
GamiPress <= 2.8.9 - SQL Injection
WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting
Themes Coder Ecommerce <= 1.3.4 - SQL Injection
Relevanssi (A Better Search) <= 4.22.0 - Query Log Export
WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
WPMobile.App <= 11.56 - Open Redirect
Mlflow < 2.9.2 - Path Traversal
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
Gradio 4.3-4.12 - Local File Read
NotificationX <= 2.8.2 - SQL Injection
ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
Gradio > 4.19.1 UploadButton - Path Traversal
Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover
Hardcoded Admin Credentials For Cisco Smart Licensing Utility API
Cisco Smart Licensing Utility Unauthenticated Logs Exposure Leaking Plaintext Credentials
Adobe ColdFusion - Arbitrary File Read
Dash Framework - Cross-site Scripting
MobSF - Path Traversal
pyLoad Flask Config - Access Control
pyload - Log Injection
XWiki < 4.10.20 - Remote code execution
Atlassian Confluence Data Center and Server - Remote Code Execution
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
Ivanti SAML - Server Side Request Forgery (SSRF)
Ivanti Connect Secure - XXE
Fastify Swagger-UI - Information Disclosure
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager - Java Deserialization
Intel Neural Compressor <2.5.0 - SQL Injection
eyoucms v.1.6.5 - Cross-Site Scripting
GestSup - Account Takeover
GestSup - Cross-Site Scripting
NS-ASG Application Security Gateway 6.3 - SQL Injection
aiohttp - Directory Traversal
Avada < 7.11.7 - Information Disclosure
Rejetto HTTP File Server - Template injection
Progress Kemp Flowmon - Command Injection
JetBrains TeamCity > 2023.11.3 - Authentication Bypass
Exrick XMall - SQL Injection
Ruijie RG-NBS2009G-P - Improper Authentication
SuperWebMailer 9.31.0.01799 - Cross-Site Scripting
CrateDB Database - Arbitrary File Read
MindsDB - DNS Rebinding SSRF Protection Bypass
JumpServer < 3.10.0 - Open Redirect
Traccar - Unrestricted File Upload
Check Point Quantum Gateway - Information Disclosure
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
CaseAware a360inc - Cross-Site Scripting
WyreStorm Apollo VX20 - Information Disclosure
Linksys RE7000 - Command Injection
Fujian Kelixin Communication - Command Injection
ReCrystallize Server - Authentication Bypass
SOPlanning - Remote Code Execution
TeamCity < 2023.11.4 - Authentication Bypass
TeamCity < 2023.11.4 - Authentication Bypass
Docassemble - Local File Inclusion
Apache HugeGraph-Server - Remote Command Execution
Linksys E2000 1.0.06 position.js Improper Authentication
ChatGPT个人专用版 - Server Side Request Forgery
Smart s200 Management Platform v.S200 - SQL Injection
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
OpenMetadata - Authentication Bypass
pyload-ng js2py - Remote Code Execution
Coda v.2024Q1 - Cross-Site Scripting
WordPress Email Subscribers by Icegram Express - SQL Injection
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
SolarWinds Web Help Desk - Hardcoded Credential
SolarWinds Serv-U - Directory Traversal
.NET Framework - Leaking ObjRefs via HTTP .NET Remoting
Telesquare TLR-2005KSH - Remote Command Execution
VvvebJs < 1.7.5 - Arbitrary File Upload
MLflow < 2.11.3 - Path Traversal
Ivanti EPM - Remote Code Execution
Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation
GLPI 10.0.10-10.0.14 - SQL Injection
Cacti cmd_realtime.php - Command Injection
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write
DataEase <= 2.4.1 - Sensitive Information Exposure
WordPress Themify Builder < 7.5.8 - Open Redirect
Netgear R6850 V1.1.0.88 - Command Injection
Netgear R6850 - Information Disclosure
Netgear R6850 - Information Disclosure
ASUS DSL-AC88U - Authentication Bypass
NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
Flowise 1.6.5 - Authentication Bypass
F-logic DataCube3 - SQL Injection
CData API Server < 23.4.8844 - Path Traversal
CData Connect < 23.4.8846 - Path Traversal
CData Arc < 23.4.8839 - Path Traversal
CData Sync < 23.4.8843 - Path Traversal
XWiki < 4.10.20 - Remote code execution
Apache OFBiz Directory Traversal - Remote Code Execution
Stash < 0.26.0 - SQL Injection
H3C ER8300G2-X - Password Disclosure
Chuanhu Chat - Directory Traversal
RaidenMAILD Mail Server v.4.9.4 - Path Traversal
Mura/Masa CMS - SQL Injection
WP-Recall <= 16.26.5 - SQL Injection
D-Link Network Attached Storage - Command Injection and Backdoor Account
CyberPower - Missing Authentication
CyberPower < v2.8.3 - SQL Injection
CyberPower - SQL Injection
CyberPower - SQL Injection
CyberPower < v2.8.3 - SQL Injection
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
Lobe Chat <= v0.150.5 - Server-Side Request Forgery
Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization
D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure
Prison Management System - SQL Injection Authentication Bypass
User Meta WP Plugin < 3.1 - Sensitive Information Exposure
Sharp Multifunction Printers - Directory Listing
Sharp Multifunction Printers - Cookie Exposure
SOPlanning 1.52.00 Cross Site Scripting
GlobalProtect - OS Command Injection
Changedetection.io <=v0.45.21 - Cross-Site Scripting
Adobe Commerce & Magento - CosmicSting
TOTOLINK EX1800T - Command Injection
Next.js - Server Side Request Forgery (SSRF)
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
WordPress Country State City Dropdown <=2.7.2 - SQL Injection
LyLme-Spage - Arbitrary File Upload
OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
Web Directory Free < 1.7.0 - SQL Injection
openSIS < 9.1 - SQL Injection
TileServer API - Cross Site Scripting
Apache OFBiz - Path Traversal
Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
GeoServer RCE in Evaluating Property Name Expressions
GeoServer and GeoTools - Remote Code Execution
SuiteCRM - SQL Injection
Puppeteer Renderer - Directory Traversal
Keycloak < 24.0.5 - Broken Access Control
PrestaShop productsalert - SQL Injection
Web Directory Free < 1.7.3 - Local File Inclusion
CRMEB v.5.2.2 - SQL Injection
Splunk Enterprise - Local File Inclusion
Ollama - Remote Code Execution
Argo CD Unauthenticated Access to sensitive setting
SecurEnvoy Two Factor Authentication - LDAP Injection
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Hostel < 1.1.5.3 - Cross-Site Scripting
Craft CMS <=v3.7.31 - SQL Injection
SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting
TurboMeeting - Post-Authentication Command Injection
TurboMeeting - Boolean-based SQL Injection
CodiMD <2.5.4 - Insecure Filename Randomization
Apache HTTPd Windows UNC - Server-Side Request Forgery
Apache HTTP Server - ACL Bypass
Mlflow < 2.11.0 - Path Traversal
Uniview NVR301-04S2-P4 - Cross-Site Scripting
NextChat - Server-Side Request Forgery
Ivanti Avalanche SmartDeviceServer - XML External Entity
WebMvc.fn/WebFlux.fn - Path Traversal
Apache OFBiz - Remote Code Execution
Dokan Pro <= 3.10.3 - SQL Injection
EfroTech Timetrax v8.3 - SQL Injection
Rocket.Chat - Server-Side Request Forgery (SSRF)
Apache Superset < 4.0.2 - SQL Injection
Solara <1.35.1 - Local File Inclusion
1Panel SQL Injection - Authenticated
FOG Project < 1.5.10.34 - Remote Command Execution
Bazarr < 1.4.3 - Arbitrary File Read
CrushFTP VFS - Sandbox Escape LFR
Devika v1 - Path Traversal
Apache CloudStack - SAML Signature Exclusion
Cluster Control CMON API - Directory Traversal
OpenAM<=15.0.3 FreeMarker - Template Injection
Mitel MiCollab - Authentication Bypass
Twisted - Open Redirect & XSS
Open Redirect in Login Redirect - MobSF
BlueNet Technology Clinical Browsing System 1.2.1 - SQL Injection
Angular-Base64-Upload - Remote Code Execution
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
BerqWP <= 1.7.6 - Arbitrary File Upload
ZoneMinder - SQL Injection
Moodle - Remote Code Execution
osCommerce v4.0 - Cross-site Scripting
Progress Telerik Report Server - Authentication Bypass
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
YARPP <= 5.30.10 - Missing Authorization
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure
LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection
AnteeoWMS < v4.7.34 - SQL Injection
WordPress Core <6.5.2 - Cross-Site Scripting
Business Directory Plugin <= 6.4.2 - SQL Injection
Qualitor <= 8.24 - Remote Code Execution
Apache OFBiz - Remote Code Execution
Apache Solr - Authentication Bypass
CentralSquare CryWolf - Path Traversal
TablePress < 2.4.3 - XXE Injection
OneDev.io < 11.0.9 - Arbitrary File Read
Hoverfly < 1.10.3 - Arbitrary File Read
Drupal 11.x-dev - Full Path Disclosure
SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass
Apache OFBiz - Remote Code Execution
XWiki Platform - Unauthorized Document History Access
ASIS - SQL Injection Authentication Bypass
PHP CGI - Argument Injection
FXServer < v9601 - Information Exposure
Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE
DATAGERRY - REST API Auth Bypass
Sitecore Experience Platform <= 10.4 - Arbitrary File Read
Camaleon CMS < 2.8.1 Arbitrary File Write to RCE
Navidrome < 0.53.0 - Authenticated SQL Injection
NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read
JeecgBoot v3.7.1 - SQL Injection
Edito CMS - Sensitive Data Leak
Qualitor <= v8.24 - Server-Side Request Forgery
LoLLMS WebUI - Subfolder Prediction via Path Traversal
Netis Wifi Router - Information Disclosure
NetAlert X - Arbitrary File Read
ServiceNow UI Macros - Template Injection
Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution
Vendure - Arbitrary File Read
Plenti < v0.7.2 - OS Command Injection
Gradio - Open Redirect
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Zitadel - User Registration Bypass
Symfony Profiler - Remote Access via Injected Arguments
WP Query Console <= 1.0 - Remote Code Execution
Aviatrix Controller - Remote Code Execution
Cleo Harmony < 5.8.0.21 - Arbitrary File Read
Nexus Repository 2 - Remote Code Execution
Hash Form <= 1.1.0 - Arbitrary File Upload
DATAGERRY - Improper Access Control
TOTOLINK CX-A3002RU - Remote Code Execution
CyberPanel - Command Injection
ZoneMinder v1.37.* <= 1.37.64 - SQL Injection
Changedetection.io <= 0.47.4 - Path Traversal
CyberPanel v2.3.6 Pre-Auth Remote Code Execution
ServiceNow - Incomplete Input Validation
FleetCart 4.1.1 - Information Disclosure
My Geo Posts Free <= 1.2 - PHP Object Injection
Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection
Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting
Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting
Kerio Control v9.2.5 - CRLF Injection
Dolibarr ERP CMS `list.php` - SQL Injection
Devika - Local File Inclusion
SSL VPN Session Hijacking
Discourse Backup File Disclosure Via Default Nginx Configuration
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
Hurrakify <= 2.4 - Server-Side Request Forgery
Radio Player <= 2.0.82 - Server-Side Request Forgery
ipTIME A2004 - Unauthorized Access
ipTIME A2004 - Unauthorized Access
AVM FRITZ!Box 7530 AX - Unauthorized Access
SEOPress < 7.9 - Authentication Bypass
IceWarp Server 10.2.1 - Cross-Site Scripting
WordPress HTML5 Video Player < 2.5.27 - SQL Injection
DevDojo Voyager <=1.8.0 - Arbitrary File Read
DevDojo Voyager <=1.8.0 - Cross-Site Scripting
DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability
MasterSAM Star Gate v11 - Local File Inclusion
Mitel MiCollab - Arbitrary File Read
Fortinet Authentication Bypass
Cleo Harmony < 5.8.0.24 - File Upload Vulnerability
Craft CMS - Remote Code Execution via Template Path Manipulation
Apache Pinot < 1.3.0 - Authentication Bypass
Apache NiFi - Information Disclosure
D-Link DIR-859 - Information Disclosure
Netgear DGN2200 - Improper Authentication
TP-Link Archer C20 - Authentication Bypass
TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication
TP-Link Archer A20 v3 Router - Cross-site Scripting
WpStickyBar <= 2.1.0 - SQL Injection
SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal
Vanna - SQL injection
Palo Alto Expedition - Admin Account Takeover
GiveWP - PHP Object Injection
PrivateGPT < 0.5.0 - Open Redirect
Deep Sea Electronics DSE855 - Authentication Bypass
CZ Loan Management <= 1.1 - SQL Injection
Quiz Maker <= 6.5.8.3 - SQL Injection
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
LocalAI - Partial Local File Read
Push Notification for Post and BuddyPress <= 1.93 - SQL Injection
TrakSYS 11.x.x - Sensitive Data Exposure
PayPlus Payment Gateway < 6.6.9 - SQL Injection
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
User Profile Builder < 3.11.8 - File Upload
Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
Lightdash v0.1024.6 - Server-Side Request Forgery
LiteLLM - Server-Side Request Forgery
Netgear-WN604 downloadFile.php - Information Disclosure
WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting
WhatsUp Gold HasErrors SQL Injection - Authentication Bypass
EasySpider 0.6.2 - Arbitrary File Read
Calibre <= 7.14.0 Arbitrary File Read
Calibre <= 7.14.0 Remote Code Execution
AnythingLLM - Information Disclosure
SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
Gitea 1.22.0 - Cross-Site Scripting
Journyx 11.5.4 - Reflected Cross Site Scripting
Journyx - XML External Entities Injection (XXE)
PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
Automation Anywhere Automation 360 - Server-Side Request Forgery
TrueBooker <= 1.0.2 - SQL Injection
Viral Signup <= 2.1 - SQL Injection
Opti Marketing <= 2.0.9 - SQL Injection
Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)
AVTECH IP Camera - Command Injection
WSO2 User Registration - Arbitrary Account Creation
Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection
Bylancer Quicklancer 2.4 G - SQL Injection
Shield Security Plugin < 20.0.6 - Cross-Site Scripting
AJ-Report < 1.4.1 - Remote Code Execution
TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability
TVT DVR Sensitive Device - Information Disclosure
W&B Weave Server - Remote Arbitrary File Leak
Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting
Ivanti vTM - Authentication Bypass
AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
Sensei LMS < 4.24.2 - Email Template Leak
Woo Inquiry <= 0.1 - SQL Injection
FastAdmin < V1.3.4.20220530 - Path Traversal
SPIP Porte Plume Plugin - Remote Code Execution
Gradio - Open Redirect
Flowise <= 1.8.2 Authentication Bypass
REST API TO MiniProgram <= 4.7.1 - SQL Injection
VICIdial - SQL Injection
SPIP BigUp Plugin - Remote Code Execution
LearnPress – WordPress LMS - SQL Injection
Z-Downloads < 1.11.7 - Cross-Site Scripting
Keycloak - SAML Core Package Signature Validation Flaw
WebIQ 2.15.9 - Directory Traversal
WP Time Capsule Plugin - Remote Code Execution
Mlflow < 2.17.0 - Local File Inclusion
Riello Netman 204 - SQL Injection
Keycloak - Open Redirect
Ivanti Cloud Services Appliance - Path Traversal
pgAdmin 4 - Authentication Bypass
WordPress File Upload <= 4.24.11 - Arbitrary File Read
WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution
Automation By Autonami < 3.3.0 - SQL Injection
WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update
GutenKit <= 2.1.0 - Arbitrary File Upload
Grafana Post-Auth DuckDB - SQL Injection To File Read
PaloAlto Networks Expedition - Remote Code Execution
Palo Alto Expedition - SQL Injection
PAN-OS Management Web Interface - Command Injection
GitHub Enterprise - SAML Authentication Bypass
Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution
Danswer - Insecure Direct Object Reference
WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
Crypto <= 2.15 - Authentication Bypass
2025
PAN-OS Management Interface - Path Confusion to Authentication Bypass
DocsGPT - Unauthenticated Remote Code Execution
Cockpit < 2.4.1 - Arbitrary File Upload
KLog Server - Path Traversal
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection
HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
Ingress-Nginx Controller - Remote Code Execution
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Mage AI - Insecure Default Authentication Setup
Sante PACS Server.exe - Path Traversal Information Disclosure
Kubio AI Page Builder <= 2.5.1 - Local File Inclusion
Elestio Memos <= v0.24.0 - Server-Side Request Forgery
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
GLPI < 10.0.17 - Pre-Auth SQL Injection
Apache Tomcat Path Equivalence - Remote Code Execution
XWiki Platform - Remote Code Execution
Vitest Browser Mode - Local File Read
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
FREEDOM Administration - Default Login
Navidrome <=0.54.5 - Authentication Bypass in Subsonic API
Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization
Kentico Xperience CMS - Unauthenticated Stored XSS
CrushFTP - Authentication Bypass
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
Next.js Middleware Bypass
Vite - Arbitrary File Read
WordPress WP01 - Path Traversal
Vite Development Server - Path Traversal
Yeswiki < 4.5.2 - Unauthenticated Path Traversal
MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads
UNA CMS 14.0.0-RC - PHP Object Injection
Langflow AI - Unauthenticated Remote Code Execution
default-logins
3com
3COM NJ2000 - Default Login
3Com Wireless 8760 Dual Radio - Default Login
3ware Controller 3DM2 - Default Login
abb
UPS Adapter CS141 SNMP Module Default Login
activemq
Apache ActiveMQ Default Login
Adminer Default Login - Detect
aem
Adobe AEM Default Login
Adobe Experience Manager Felix Console - Default Login
alibaba
Alibaba Canal Default Login
allnet
Allnet - Default Login
alphaweb
AlphaWeb XE Default Login
ambari
Apache Ambari Default Login
AmpJuke - Default Login
apache
Apache Airflow Default Login
Apache Apollo - Default Login
Apache HertzBeat - Default Credentials
Apache Apisix Admin - Default Login
Apache CloudStack - Default Login
Apache DolphinScheduler Default Login
Apache Doris - Default Login
Apache Dubbo - Default Admin Discovery
Apache Kafka Center Default Login
Apache Karaf - Default Login
Apache Kylin Console - Default Login
Apache Ranger - Default Login
Apache Tomcat Manager Default Login
Apache Tomcat - Default Login Discovery
apollo
Apollo Default Login
arl
ARL Default Admin Login
asus
ASUS RT-N16 - Default Login
ASUS WL-500G - Default Login
ASUS WL-520GU - Default Login
audiocodes
AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default Login
azkaban
Azkaban Web Client Default Credential
Barco ClickShare - Default Login
batflat
Batflat CMS - Default Login
bigant
BigAnt - Default Password
bloofoxCMS - Default Login
bonita
Bonita - Default Login
caimore
CAIMORE Gateway Default Login - Detect
camaleon
Camaleon CMS - Default Login
cambium-networks
Canopy 5.7GHz Access Point - Default Login
camunda
Camunda - Default Login
canon
Canon R-ADV C3325 - Default-Login
caprover
Caprover - Default Login
chinaunicom
China Unicom Modem Default Login
chirpstack
ChirpStack - Default Login
cobbler
Cobbler Default Login
Cloudera Hue Default Admin Login
couchdb
CouchDB - Default Login
crushftp
CrushFTP - Anonymous Login
CrushFTP - Default Login
d-link
D-Link AC Centralized Management System - Default Login
dataease
Dataease - Default Login
datagerry
Datagerry - Default Login
datahub
DataHub Metadata - Default Login
dataiku
Dataiku - Default Login
dell
Dell DPI Remote Power Management - Default Login
Dell iDRAC6/7/8 Default Login
DELL iDRAC9 Default Login
Dell EMC ECOM - Default Login
deluge
Deluge - Default Login
devdojo
DevDojo Voyager - Default login
dialogic
Dialogic XMS Admin Console - Default Login
digital-watchdog
Digital Watchdog - Default Login
digitalrebar
RackN Digital Rebar Default Login
dragonfly
Dragonfly - Default Login
druid
Alibaba Druid Monitor Default Login
dvwa
DVWA Default Login
easyreport
EasyReport - Default Login
elasticsearch
ElasticSearch - Default Login
empire
Empire C2 / Starkiller Interface - Default Login
emqx
Emqx Default Admin Login
Esafenet CDG - Default Login
eurotel
EuroTel ETL3100 - Default Login
exacqvision
ExacqVision Default Login
feiyuxing
Feiyuxing Enterprise-Level Management System - Default Login
filegator
Filegator - Default-Login
flir
Flir Default Login
Franklin Fueling System - Default Login
frps
FRP Default Login
fuelcms
Fuel CMS - Default Admin Discovery
fuji-xerox
Fuji Xerox ApeosPort - Default Login
geoserver
Geoserver Admin - Default Login
gitblit
Gitblit - Default Login
gitlab
Gitlab Default Login
glpi
GLPI Default Login
GoIP GSM VoIP Gateway - Default Password
google
Google Earth Enterprise Default Login
gophish
Gophish < v0.10.1 Default Credentials
grafana
Grafana Default Login
guacamole
Guacamole Default Login
hongdian
Hongdian Default Login
hortonworks
HortonWorks SmartSense Default Login
hp
HP 1820-8G Switch J9979A Default Login
huawei
Huawei HG532e Default Credential
hybris
Hybris - Default Login
ibm
IBM Decision Center Business Console - Default Login
IBM Decision Center Enterprise Console - Default Login
IBM Decision Server Console - Default Login
IBM Power HMC - Default Login
IBM MQSeries Web Console Default Login
IBM Storage Management Default Login
Integrated Management Module - Default Login
idemia
IDEMIA BIOMetrics - Default Login
iptime
ipTIME Default Login
ispconfig
ISPConfig Admin - Default Password
ISPConfig Hosting Control Panel - Default Login
jboss
JBoss jBPM Administration Console Default Login - Detect
JBoss JMX Console Weak Credential Discovery
jeedom
Jeedom - Default Login
jellyfin
Jellyfin Console - Default Login
jenkins
Jenkins Default Login
jinher
Jinher-OA C6 - Default Admin Discovery
jupyterhub
Jupyterhub - Default Admin Discovery
Kanboard - Default Login
kettle
Kettle - Default Login
KLog Server - Default Login
leostream
Leostream Default Login
lucee
Lucee - Default Login
lutron
Lutron - Default Account
Magnolia CMS Default Login - Detect
mantisbt
mantisbt - Anonymous Login
MantisBT Default Admin Login
minio
Minio Default Login
mobotix
Mobotix - Default Login
mofi
MOFI4500-4GXeLTE-V2 Default Login
nacos
Alibaba Nacos - Default Login
nagios
Nagios Default Login
Nagios XI Default Admin Login - Detect
netdisco
Netdisco Admin - Default Login
netflow
Netflow Analyzer - Default Login
netsus
NetSUS Server Default Login
next-terminal
Next Terminal - Default Login
nexus
Nexus Default Login
nginx
Nginx Proxy Manager - Default Login
node-red
Node-Red - Default Login
nps
NPS Default Login
nsicg
Netentsec NS-ICG - Default Login
o2oa
O2OA - Default Login
octobercms
OctoberCMS - Default Admin Discovery
ofbiz
Apache OfBiz Default Login
openemr
OpenEMR - Default Admin Discovery
openmediavault
OpenMediaVault - Default Login
oracle
Oracle Business Intelligence Default Login
Oracle PeopleSoft - Default Login
others
Aruba Instant - Default Login
Ciphertrust - Default Login
Cnzxsoft System - Default Login
Inspur Clusterengine 4 - Default Admin Login
Kingsoft 8 - Default Login
OpenCATS - Default Login
Panabit iXCache - Default Admin Login
secnet ac - Default Admin Login
Supershell - Default Login
Telecom Gateway - Default Admin Login
paloalto
Palo Alto Networks PAN-OS Default Login
panabit
Panabit Gateway - Default Login
pcoweb
pCOWeb - Default-Login
pentaho
Pentaho Default Login
phpmyadmin
phpMyAdmin - Default Login
PowerJob - Default Login
powershell
PowerShell Universal - Default Login
prtg
PRTG Network Monitor - Hardcoded Credentials
pyload
PyLoad Default Login
rabbitmq
RabbitMQ Default Login
rainloop
Rainloop WebMail - Default Admin Login
rancher
Rancher Default Login
rConfig - Default Login
ricoh
Ricoh Default Login
riello
Riello UPS NetMan 204 Network Card - Default Login
rockmongo
Rockmongo Default Login
rseenet
Advantech R-SeeNet Default Login
ruckus
Ruckus Wireless - Default Login
ruijie
Ruijie NBR Series Routers - Default Login
rundeck
Rundeck - Default Login
samsung
Samsung Printer - Default Login
Samsung Wlan AP (WEA453e) Default Login
sato
Sato - Default Login
seeddms
SeedDMS Default Login
seeyon
Seeyon OA A8 - Default Login
Seeyon A8 Management Monitor - Default Login
sequoiadb
SequoiaDB Default Login
showdoc
Showdoc Default Login
smartbi
SmartBI - Default Login
softether
SoftEther VPN Admin Console - Default Login
solarwinds
SolarWinds Orion Default Login
sonarqube
SonarQube Default Login - Detect
soplanning
SOPlanning - Default Login
spectracom
Spectracom Default Login
splunk
Splunk - Default Password
stackstorm
StackStorm Default Login
steve
SteVe Login Panel - Detect
structurizr
Structurizr - Default Login
supermicro
Supermicro Ipmi - Default Admin Login
szhe
Szhe Default Login
timekeeper
TimeKeeper - Default Login
Tiny File Manager - Default Login
tooljet
ToolJet - Default Login
topaccess
Toshiba TopAccess - Default-Login
tplink
TP-LINK Router R470T - Default-Login
TP-Link Wireless N Router WR940N - Default-Login
trassir
Trassir WebView Default Login - Detect
UCMDB
Micro Focus Universal CMDB Default Login
umami
Umami Default Login
unify
Unify HiPath Cordless IP - Default Login
versa
Versa Networks SD-WAN Application Default Login
Versa FlexVNF - Default Login
vidyo
Vidyo Default Login
viewpoint
Trilithic Viewpoint Default Login
visionhub
VisionHub Default Login
wayos
AC Centralized Management System - Default password
Wazuh - Default Login
weblogic
WebLogic Default Login
webmethod
WebMethod Integration Server Default Login
Webmin - Default Login
wifisky
Wifisky Default Login
wildfly
Wildfly - Default Admin Login
wso2
WSO2 Management Console Default Login
xerox
Xerox WorkCentre 7xxx Printer Default Login
xnat
XNAT - Default Login
xploitspy
XploitSPY - Default Login
xui
X-UI - Default Login
xxljob
XXL-JOB Default Login
yealink
Yealink CTP18 - Default Login
zabbix
Zabbix Default Login
zebra
Zebra - Default Login
zmanda
Zmanda Default Login
zoho
ManageEngine Applications Manager - Default Credentials
exposed-panels
1Password SCIM Bridge - Panel
3CX Phone System Management Console - Panel Detect
3CX Phone System Web Client Management Console - Panel Detect
3G Wireless Gateway Detection
ACEmanager Detection
AceNet AceReporter Report Panel - Detect
AChecker Login - Panel Detect
Ackee Panel - Detect
Acrolinx Dashboard
ACTi Video Monitoring Panel - Detection
Actifio Resource Center - Panel
ActiveAdmin Admin Dashboard Exposure
Apache ActiveMQ Exposure
Acunetix Login Panel - Detect
Acunetix Login Panel
Adapt Authoring Tool - Panel
AddOnFinance Portal - Detect
Adfinity Login Panel - Detect
AdGuard Panel - Detect
WS-FTP Ad Hoc Transfer Panel - Detect
Adiscon LogAnalyzer - Information Disclosure
Adminer Login Panel - Detect
Adminer Login Panel - Detect
Adminset Login Panel
adobe
Adobe ColdFusion Component Browser Login Panel
Adobe Connect Central Login Panel
Adobe Experience Manager Login Panel
Adobe Media Server Login Panel
Adobe AEM CRX Package Manager - Panel Detect
Adobe Experience Manager Sling User Login - Detect
ActionTec Modem Advanced Setup Login Panel
Aerohive NetConfig UI
Aethra Telecommunications Login - Panel
AfterLogic WebMail Login Panel - Detect
airCube Dashboard Login Panel - Detect
airCube Login - Detect
Apache Airflow Admin Login Panel
AirNotifier Login Panel - Detect
AirOS Panel - Detect
Akamai CloudTest Panel
AKHQ Panel - Detect
Akuiteo Login Panel - Detect
Alamos GmbH Panel - Detect
Alfresco CMS Detection
Alfresco Content App Panel - Detect
Algonomia Leaf Platform Panel - Detect
AlienVault USM Login Panel
Allied Telesis Device GUI Login Panel - Detect
AlternC Desktop Panel - Detect
Apache Ambari Exposure Admin Login Panel
Amcrest Login
Ametys Admin Login Panel
Application Management Panel - Detect
Ampache Login Panel - Detect
AMPPS Admin Login Panel
AMPPS Login Panel
Amprion Grid Loss Login Panel - Detect
Anaqua Login - Panel
Ansible Semaphore Panel Detect
Ansible Tower - Detect
apache
Apache APISIX Login Panel - Detect
Apache Apollo Panel - Detect
Apache Mesos - Panel Detect
Apache Tomcat Manager Login Panel - Detect
Apache JMeter Dashboard Login Panel - Detect
Apigee Login Panel - Detect
Apiman Login Panel
Appsmith User Login - Panel Detect
Appspace Login Panel - Detect
Appsuite Login Panel - Detect
Appwrite Login Panel - Detect
Aptus Login - Panel Detect
Aqua Enterprise - Panel Detect
ArangoDB Web Interface - Detect
arcgis
ArcGIS Enterprise Panel
ArcGIS REST Services Directory - Detect
Archibus Web Central Login - Panel Detect
ArcServe Panel - Detect
Argo CD Login Panel
ARRIS Touchstone Telephony Modem - Panel Detect
Aspcms Backend Panel - Detect
ASPECT Control Panel Login - Detect
ASUS AiCloud Panel - Detect
Asus Router Login Panel - Detect
Atlantis Panel - Detect
Atlassian Bamboo Login Panel - Detect
Atlassian Crowd Login Panel
Atvise Login Panel
Audiobookshelf Login Panel - Detect
AudioCodes Login - Panel Detect
Authelia Panel - Detect
Authentik Panel - Detect
Automatisch Panel - Detect
AutoSet Page - Detect
AvantFAX Login Panel
Avatier Password Management Panel
avaya
Avaya Aura Communication Manager Login - Panel Detect
Avaya Aura System Manager Login - Panel Detect
Aviatrix Cloud Controller Panel
Avigilon Login Panel - Detect
Avtech AVN801 Network Camera Admin Panel - Detect
AVTECH AVC798HA DVR - Information Exposure
AWS EC2 Auto Scaling Lab
AWS OpenSearch Login - Detect
Axel WebServer - Panel Detect
Axigen Web Admin Detection
Axigen WebMail Panel Detection
Axway API Manager Panel - Detect
Axway SecureTransport Login Panel - Detect
Axway SecureTransport Web Client Panel - Detect
Axxon Next Client Login - Detect
Azkaban Web Client
backpack
Laravel Backpack Admin Login Panel - Detect
Barracuda SSL VPN Log In
Bazarr Login - Detect
BEdita Login Panel - Detect
Beego Admin Dashboard Panel - Detect
Beszel Login Panel - Detect
BeyondTrust Privileged Access Management Login - Detect
BeyondTrust Login Panel - Detect
BeyondTrust Privileged Remote Access - Panel
BigAnt Admin Login Panel - Detect
BigBlueButton Login Panel
HCL BigFix Login Panel - Detect
F5 BIG-IP iControl REST Panel - Detect
BioTime Web Login Panel - Detect
Bitdefender GravityZone Panel - Detect
Bitrix Login Panel
Bitwarden Web Vault Login Panel - Detect
Black Duck Login Panel - Detect
bloofoxCMS Login Panel - Detect
Blue Iris Login Panel - Detect
Blue Yonder Panel - Detect
bmc
BMC Discovery Login Panel - Detect
BMC Remedy SSO Login Panel - Detect
BMC Discovery Outpost Admin Panel - Detect
BoltCMS Login Panel - Detect
Bomgar Login Panel - Detect
Bonita Portal Login - Detect
Bonobo Git Server Login Panel - Detect
BookStack Login Panel - Detect
Buddy Panel - Detect
Buildbot Panel - Detect
Busybox Repository Browser - Detect
Bynder Login Panel - Detect
c2
Area Rat C2 - Detect
Brute Ratel C4 - Detect
Caldera C2 - Detect
Covenant C2 - Detect
Deimos C2 - Detect
Empire C2 - Detect
EvilGinx - Detect
Hack5 Cloud C2 - Detect
Hookbot Rat Panel - Detect
Meduza Stealer Panel - Detect
Mystic Stealer Panel - Detect
Mythic C2 - Detect
NH C2 Server - Detect
PupyC2 - Detect
Rhadamanthys Stealer C2 Panel - Detect
Supershell C2 - Detect
Viper C2 - Detect
Cacti Login Panel - Detect
Calendarix Admin Login Panel - Detect
Call Break CMS Panel - Detect
Camaleon CMS Login - Panel
Camunda Login Panel - Detect
canon
Canon iR-ADV C3325 Panel - Detect
CAS Login Panel - Detect
CasaOS Login Panel - Detect
Casdoor Login Panel - Detect
CaseManager Login Panel - Detect
Cassia Bluetooth Gateway Panel - Detect
Caton Network Manager System Login Panel - Detect
Clear-Com Core Configuration Manager Panel - Detect
Centreon Login Panel - Detect
Cerebro Login Panel - Detect
CGIT - Detect
Changedetection.io Panel - Detect
checkmk
Checkmarx Login Panel - Detect
Checkmk Login Panel - Detect
checkpoint
CheckPoint SSL Network Extender Login Panel - Detect
Checkpoint Login Panel - Detect
Chemotargets Clarity Vista Login Panel - Detect
ChirpStack LoRaWAN Detection
Chronos Panel - Detect
cisco
Cisco ACE 4710 Device Manager Login Panel - Detect
Cisco AnyConnect VPN Panel - Detect
Cisco ASA VPN Panel - Detect
Cisco Edge 340 Panel - Detect
CISCO Expressway Login Panel - Detect
Cisco Finesse Login Panel - Detect
Cisco Integrated Management Controller Login Panel - Detect
Cisco IOS XE - Detect
Cisco Meraki Cloud Security Appliance Panel - Detect
Cisco Smart Software Manager On-Prem Panel - Detect
Cisco Prime Infrastructure Panel - Detect
Cisco SD-WAN Login Panel - Detect
Cisco Secure CN Login Panel - Detect
Cisco Secure Desktop Installation Panel - Detect
Cisco ServiceGrid Login Panel - Detect
Cisco Systems Login Panel - Detect
Cisco TelePresence Login Panel - Detect
Cisco UCS Manager KVM Login Panel - Detect
Cisco vManage Login Panel - Detect
Cisco WebVPN Panel - Detect
Cisco Firepower Management Center login - Detect
Cisco Unity Connection Panel - Detect
Cisco Web UI Login - Detect
Citrix ADC Gateway Login Panel - Detect
Citrix VPN Panel - Detect
Claris FileMaker WebDirect Panel - Detect
Clave Login Panel - Detect
CleanWeb Login Panel - Detect
ClearPass Policy Manager Login Panel - Detect
Cloudlog Panel - Detect
CloudPanel Login - Detect
Cloudphysician RADAR Login Panel - Detect
Cobbler WebGUI Login Panel - Detect
Code-Server Login Panel - Detect
Code42 Panel - Detect
CodeMeter - WebAdmin Panel Access
Cofense Vision Login Panel - Detect
ColdFusion Administrator Login Panel - Detect
Compal CH7465LG Login Panel - Detect
Compalex Panel - Detect
CompleteView Panel - Detect
Concourse CI Login Panel - Detect
concrete5
Concrete5 Install Panel
Concrete5 Login Panel - Detect
Connect Box Login Panel - Detect
ConnectWise Server Backup Manager SE Panel - Detect
ConnectWise Control Remote Support Software Panel - Detect
Contao Login Panel - Detect
Content Central Login Panel - Detect
ContentKeeper Cloud Panel - Detect
coreBOS Panel - Detect
Cortex XSOAR Login Panel - Detect
Apache CouchDB Panel - Detect
Apache CouchDB Fauxton Panel - Detect
Cox Business Dominion Gateway Login Panel - Detect
cPanel API Codes Panel - Detect
Craft CMS Admin Login Panel - Detect
CrafterCMS Login Panel - Detect
Creatio Login Panel - Detect
Crontab UI - Dashboard Exposure
CrushFTP WebInterface Panel - Detect
Cryptobox Panel - Detect
Cornerstone OnDemand Panel - Detect
CudaTel Login Panel - Detect
Cvent Login Panel - Detect
Control Web Panel Login Panel - Detect
CX Cloud Panel - Detect
Cyber Chef Panel - Detect
Cyberoam SSL VPN Panel - Detect
Cyberpanel Login Panel - Detect
D-Link Wireless Router Panel - Detect
Dahua Web Service Panel - Detect
Danswer Panel - Detect
Darktrace Threat Visualizer Login Panel - Detect
Dashy Panel - Detect
Datadog Login Panel - Detect
Dataease - Login Panel
Datagerry Panel - Detect
Dataiku Panel - Detect
Davantis Video Analytics Panel - Detect
DaybydayCRM Login Panel - Detect
DbGate Web Client Management - Panel Detect
dbt Docs Panel - Detect
Advanced eMail Solution DEEPMail - Panel
DefectDojo Login Panel - Detect
Dell BMC Panel - Detect
Dell IDRAC Panel - Detect
Dell OpenManage Switch Administrator Login Panel - Detect
Dell Wyse Management Suite Login Panel - Detect
Delta Controls Admin Login Panel - Detect
Deluge WebUI Login Panel - Detect
Dependency-Track Login - Panel
Dericam Login Panel - Detect
Dex Authentication - Panel
Dialogic XMS Admin Console - Detect
Dify Panel - Detect
Digital Watchdog - Detect
RackN Digital Rebar Login Panel - Detect
DirectAdmin Login Panel - Detect
Directum Login Panel - Detect
Discuz Panel - Detection
Python Django Admin Login Panel - Detect
Docebo eLearning Login Panel - Detect
Dockge Panel - Detect
Dockwatch Panel - Detect
DocuWare - Detect
Dokuwiki Login Panel - Detect
Dolibarr Login Panel - Detect
Doris Panel - Detect
Dotclear Admin Login Panel - Detect
dotAdmin Login Panel - Detect
DPLUS Dashboard Panel - Detect
DQS Superadmin Login Panel - Detect
Dradis Professional Edition Login Panel - Detect
DragonFly Login - Panel
draw.io Flowchart Maker Panel - Detect
Drone CI Login Panel - Detect
Alibaba Druid Panel - Detect
Druid Monitor Login Panel - Detect
Drupal Login Panel - Detect
DXPlanning Panel - Detect
Dynamicweb Login Panel - Detect
Dynatrace Login Panel - Detect
dzzoffice
DzzOffice Installation Panel - Detect
DzzOffice Login Panel - Detect
E-mobile Panel - Detect
eArcu Panel - Detect
EasyJOB Login Panel - Detect
EasyVista Login Panel - Detect
Eclipse BIRT Panel - Detect
ECOSYS Command Center RX Panel - Detect
EdgeOS Login Panel - Detect
Eagle For Apache Kafka Login - Detect
Eko Charger Management Console Login Panel - Detect
Eko Software Update Panel - Detect
Elemiz Network Manager Login Panel - Detect
Emby Login Panel - Detect
Nortek Linear eMerge Panel - Detect
Emerson Network Power IntelliSlot Web Card Panel - Detect
eMessage Login Panel - Detect
EMQX Login Panel - Detect
EMS Login Panel - Detect
EMS Web Client Login Panel - Detect
Enablix Panel - Detect
Endpoint Protector Login Panel - Detect
Entrust IdentityGuard Self-Service Login Panel - Detect
EOS HTTP Browser
Episerver Login Panel
Epson Device Unauthorized Access Detect
Epson Projector Login Panel - Detect
Epson Printer
Eset Protect Login Panel - Detect
ESPHome Login Panel - Detect
ESXi System Login Panel - Detect
Eventum Login Panel - Detect
evlink
EVlink Local Controller - Detection
EVSE Web Interface Panel - Detection
EWM Manager Login Panel - Detect
ExaGrid Manager Login Panel - Detect
Exolis Engage Panel - Detect
Webalizer Panel - Detect
Extreme NetConfig UI Panel - Detect
Ektron CMS Login Panel - Detect
eZ Publish Login Panel - Detect
F-Secure Policy Manager Server Login Panel - Detect
F5 Admin Interface - Detect
Falcosidekick UI Login Panel - Detect
Faraday Login Panel - Detect
FastAPI Docs Panel - Detect
FASTPANEL Login Panel - Detect
FatPipe IPVPN® Panel - Detect
FatPipe MPVPN - Panel Detect
FatPipe WARP - Panel Detect
Femtocell Access Point Panel - Detect
File Browser Login Panel - Detect
FileCatalyst File Transfer Solution - Detect
FileGator Panel - Detect
Fiori Launchpad Login Panel - Detect
Fiori Launchpad Login Panel - Detect
Fireware XTM Login Panel - Detect
Flahscookie Superadmin Login Panel - Detect
FlightPath Login Panel - Detect
Apache Flink Login Panel - Detect
FlipCMS Login Panel - Detect
FlowCI Panel - Detect
FlureeDB Admin Console Login Panel - Detect
FootPrints Service Core Login Panel - Detect
Forcepoint Login panel
Forcepoint Appliance
forti
FortiADC Login Panel - Detect
fortinet
F5 Next Central Manager Panel - Detect
FortiAP Login Panel - Detect
FortiAuthenticator - Detect
FortiClient Endpoint Management Server Panel - Detect
Fortinet FortiMail Login Panel - Detect
Fortinet FortiDDoS Panel
Fortinet FortiGate SSL VPN Login Panel - Detect
Fortinet FortiManager Panel - Detect
Fortinet FortiNAC Login Panel - Detect
Fortinet Login Panel - Detect
Fortinet FortiOS Management Interface Panel - Detect
FortiOS Admin Login Panel - Detect
FortiSIEM Login Panel - Detect
Fortinet FortiTester Login Panel - Detect
Fortinet FortiWeb Login Panel - Detect
Fortinet FortiWLM Login Panel - Detect
Fortiswitch Panel - Detect
FOSSBilling Panel - Detect
Frappe Helpdesk Login Panel - Detect
FreeIPA Identity Management Login Panel - Detect
FreePBX Admin Panel - Detect
FreeScout Panel - Detect
Freshrss Panel - Detect
Friendica Panel - Detect
Froxlor Server Management Login Panel - Detect
Financial Transaction Manager Login Panel - Detect
Fuel CMS Login Panel - Detect
Fuji Xerox Printer Panel - Detect
FusionAuth Admin Panel - Detect
Gargoyle Router Management Utility Admin Login Panel - Detect
GEMweb Plus 500 Login Panel - Detect
GeoServer Login Panel - Detect
Gerapy Panel - Detect
Gespage Login Panel - Detect
GitHub Enterprise - Encrypted SAML
Ghost Panel - Detect
Gira HomeServer 4 Login Panel - Detect
Gitblit Login Panel - Detect
Gitea Login Panel - Detect
Github Enterprise Login Panel - Detect
Gitlab Login Panel - Detect
GitLab Instance Explore - Detect
Gitlab SAML - Detection
CentreStack Login Panel - Detect
Palo Alto Networks GlobalProtect Login Panel - Detect
Glowroot - Panel
GLPI Panel - Detect
GNU Mailman Panel - Detect
GoAnywhere Web Client Login Panel - Detect
GoAnywhere Managed File Transfer Login Panel - Detect
GoCD Login Panel - Detect
Gocron Panel - Detect
Gogs Login Panel - Detect
goodjob-dashboard
Gophish Login Panel - Detect
Gotify Login Panel - Detect
gradle
Gradle Enterprise Build Cache Node Login Panel - Detect
Gradle Develocity Build Cache Node Login Panel - Detect
Gradle Enterprise Login Panel - Detect
Grafana Login Panel - Detect
Grails Admin Console Panel - Detect
Graphite Browser Login Panel - Detect
Graylog Login Panel - Detect
Greenbone Security Assistant Panel - Detect
Group-IB Managed XDR Login Panel - Detect
Gryphon Panel - Detect
GYRA Master Admin Login Panel - Detect
H2 Console Web Login Panel - Detect
Apache Hadoop Panel - Detect
Haivision Gateway Login Panel - Detect
Haivision Media Platform Login Panel - Detect
HAL Management Console Panel
Hangfire Dashboard Panel - Detect
Harbor Login Panel - Detect
Hashicorp Consul Agent - Detect
HashiCorp Consul Web UI Login Panel - Detect
Hestia Control Panel Login - Detect
HighMail Admin Login Panel - Detect
Hitron Technologies Router Login Panel - Detect
HiveManager Login Panel - Detect
Hybris Management Console Login Panel - Detect
Home Assistant Panel
Homebridge Panel - Detect
Homematic Panel - Detect
Homer Panel - Detect
Honeywell Excel Web Control Login Panel - Detect
Honeywell Excel Web Control Login Panel - Detect
Horde Login Panel - Detect
Horde Webmail Login Panel - Detect
Hospital Management System Login Panel - Detect
Hewlett Packard Integrated Lights Out 5 Login Panel - Detect
HP Service Manager Login Panel - Detect
HP Virtual Connect Manager Login Panel - Detect
Hewlett Packard Enterprise System Management Login Panel - Detect
HTTPBin Login Panel - Detect
Huawei HG532e Router Panel - Detect
Huginn Login Panel - Detect
Huly Login Panel - Detect
Hybris Administration Console Login Panel - Detect
Hydra Router Dashboard - Detect
HYPERPLANNING Login Panel - Detect
HyperTest Common Dashboard - Detect
I-Librarian Panel - Detect
Internet Multi Server Control Panel - Detect
ibm
IBM Advanced System Management Panel - Detect
IBM API Connect Panel - Detect
IBM Decision Center Enterprise Console - Panel Detection
IBM Decision Server Console Panel - Detect
IBM Maximo Login Panel - Detect
IBM MQ Web Console Login Panel - Detect
IBM iNotes Login Panel - Detect
IBM Operational Decision Manager Panel - Detect
IBM Security Access Manager Login Panel - Detect
IBM Service Assistant Login Panel - Detect
IBM WebSphere Application Server Community Edition Admin Login Panel - Detect
IBM WebSphere Portal Login Panel - Detect
IBM OpenAdmin Tool - Panel
ICC PRO Login Panel - Detect
IceWarp Login Panel - Detect
Icinga Web 2 Login Panel - Detect
iClock Automatic Data Master Server Admin Panel - Detect
ICT Protege WX Login Panel - Detect
Cisco Identity Services Engine Admin Login Panel - Detect
Ilch CMS Admin Login Panel - Detect
ILIAS Login Panel - Detect
Immich Panel - Detect
Ivanti Incapptic Connect Panel - Detect
InfluxDB Admin Interface Panel - Detect
Infoblox NIOS Login Panel - Detect
Intelbras Router Login Panel - Detect
Intelbras Router Panel - Detect
Intellian Aptus Web Login Panel - Detect
IntelliFlash Login Panel - Detect
Interact Software Panel - Detect
Iomega LenovoEMC NAS Login Panel - Detect
IPdiva Mediation Login Panel - Detect
ipTIME Router Login Panel - Detect
IRISNext Login Panel - Detect
iSAMS Panel - Detect
Issabel Login Panel - Detect
Abbott i-STAT Login Panel - Detect
Combodo iTop Login Panel - Detect
Ivanti Connect Secure Panel - Detect
Ivanti(R) Cloud Services Appliance - Panel
Ivanti Traffic Manager Panel - Detect
ixbus
iXBus Login Panel - Detect
iXCache Login Panel - Detect
Jamf Pro Login Panel - Detect
Jamf MDM Login Panel - Detect
Jamf Pro Setup Assistant Panel - Detect
TIBCO Jaspersoft Login Panel - Detect
jboss
JBoss jBPM Administration Console Login Panel - Detect
JBoss WS JUDDI Console Panel - Detect
JBoss SOA Platform Login Panel - Detect
JBoss JMX Management Console Login Panel - Detect
WildFly Welcome Page - Tech Detect
Jalios JCMS Login Panel - Detect
Jedox Web Login Panel - Detect
Jeedom Login Panel - Detect
Jellyseerr Login Panel - Detect
Jenkins API Panel - Detect
Jenkins Login Detected
JFrog Login Panel - Detect
joget
Joget Panel - Detect
Joomla! Panel
Jorani Login Panel - Detect
JshERP Boot Panel - Detect
JumpServer Login Panel - Detect
Juniper J-Web Panel - Detect
Jupyter Notebook Login Panel - Detect
Apache Kafka Control Center Login Panel - Detect
Apache Kafka Connect UI Login Panel - Detect
Apache Kafka Consumer Offset Monitor Panel - Detect
Apache Kafka Monitor Login Panel - Detect
Apache Kafka Topics Panel - Detect
Kanboard Login Panel - Detect
Kasm Login Panel - Detect
Kavita Login Panel - Detect
Keenetic Web Login Panel - Detect
Progress Kemp LoadMaster Panel - Detect
Kenesto - Login Detect
Kentico Login Panel - Detect
Kerio Connect Login Panel - Detect
Kerio Controle Panel - Detect
Kettle Panel - Detect
Keycloak Admin Login Panel - Detect
kfm
Kae's File Manager Login Panel - Detect
Kae's File Manager Admin Login Panel - Detect
Kiali - Detect
Kibana Login Panel - Detect
Kiteworks PCN Panel - Detect
Kiwi TCMS Login Panel - Detect
kkFileView Panel - Detect
Klog Server Panel - Detect
KLR 300N Router Panel - Detect
Kedacom Network Keyboard Console Panel - Detect
Koel Panel - Detect
Konga Panel - Detect
Kopano WebApp Login Panel - Detect
Kraken Cluster Monitoring Dashboard - Detect
Kronos Workforce Central Login Panel - Detect
Kubernetes Dashboard Panel - Detect
Kubernetes Enterprise Manager Panel - Detect
Mirantis Kubernetes Engine Panel - Detect
Kubernetes Local Cluster Web View Panel - Detect
KubeView Dashboard - Detect
Label Studio - Login Panel
LabKey Server Login Panel - Detect
LabTech Web Portal Login Panel - Detect
LaCie Login Panel - Detect
Lancom Router Login Panel - Detect
Landray Login Panel - Detect
Lansweeper Login Panel - Detect
Lantronix Web Manager Login Panel - Detect
Laravel File Manager - Panel Detect
LDAP Account Manager Login Panel - Detect
Lenovo Fan Power Controller Login Panel - Detect
Lenovo ThinkServer System Manager Login Panel - Detect
Leostream Login Panel - Detect
LibreNMS Login Panel - Detect
LibrePhotos Panel - Detect
LibreSpeed Panel - Detect
Liferay Login Panel - Detect
Linkerd Panel - Detect
Linksys Smart Wi-Fi Login Panel - Detect
LinShare Login Panel - Detect
Live Helper Chat Admin Login Panel - Detect
LiveZilla Login Panel - Detect
Locklizard Web Viewer Login Panel - Detect
LockSelf Login Panel - Detect
Logitech Harmony Pro Installer Portal Login Panel - Detect
Lomnido Panel - Detect
Looker Login Panel - Detect
Lorex Panel - Detect
Loxone Intercom Video Panel - Detect
Loxone WebInterface Panel - Detect
Lucee Web and Lucee Server Admin Login Panel - Detect
LuCi Login Panel - Detect
M-Bus Converter Web Interface - Detect
MACH-ProWeb Login Panel - Detect
MachForm Admin Panel - Detect
macOS Server Panel - Detect
Maestro LISTSERV - Detect
Maestro LuCI Login Panel - Detect
MAG Dashboard Login Panel - Detect
Magento Admin Login Panel - Detect
Magento Connect Manager Installer - Detect
Magnolia CMS Login Panel - Detect
MailHog Panel - Detect
MailWatch Login Panel - Detect
Maltrail Panel - Detect
Malwared (Build Your Own Botnet) - Detect
MantisBT Login Panel - Detect
Matomo Panel - Detect
Mautic CRM Login Panel - Detect
Memos Panel - Detect
MeshCentral Login Panel - Detect
Metabase Login Panel - Detect
Metasploit Panel - Detect
Metasploit Setup and Configuration Page - Detect
MeterSphere Login Panel - Detect
MeTube Instance Detected
M-Files Web Login Panel - Detect
Micro Focus Enterprise Server Admin Panel - Detect
Micro Focus Filr Login Panel - Detect
Micro Focus Application Lifecycle Management - Panel
Micro Focus Vibe Login Panel - Detect
Microsoft Exchange Admin Center Login Panel - Detect
mikrotik
MikroTik Router OS Login Panel - Detect
MikroTik RouterOS Admin Login Panel - Detect
Miniweb Start Page Login Panel - Detect
MinIO Browser Login Panel - Detect
MinIO Console Login Panel - Detect
MISP Threat Intelligence Sharing Platform Panel - Detect
Mitel MiCollab Login Panel - Detect
Mitel Login Panel - Detect
Mitric Checker Login Panel - Detect
Mobile Management Platform Panel - Detect
MobileIron Login Panel - Detect
MobileIron Sentry Panel - Detect
Modoboa Login Panel - Detect
MongoDB Ops Manager Login Panel - Detect
Monitorix Panel - Detect
Monitorr Panel - Detect
Monstra Admin Panel - Detect
Moodle Workplace Login Panel - Detect
Movable Type Pro Login Panel - Detect
MPFTVC Admin Login Panel - Detect
MPSec ISG1000 Security Gateway Panel - Detect
Microsoft Active Directory Certificate Services Panel - Detect
Microsoft Exchange Web Service - Detect
MSPControl Login Panel - Detect
mybb
MyBB Installation Panel - Detect
MyBB Login Panel - Detect
myLittleAdmin Login Panel - Detect
myLittleBackup Panel - Detect
MyStrom Panel - Detect
n8n Panel - Detect
nagios
Nagios Log Server - Detect
Nagios Login Panel - Detect
Nagios XI Login Panel - Detect
NagVis Login Panel - Detect
Navicat On-Prem Server Panel - Detect
N-central Login Panel - Detect
NConf Login Panel - Detect
Neo4j Browser - Detect
Neobox Web Server Login Panel - Detect
Neocase HR Portal Login Panel - Detect
Neos CMS Login Panel - Detect
Tenable Nessus Panel - Detect
NetAlert X Panel - Detect
Netdata Dashboard Panel - Detect
Netdata Panel - Detect
Netflix Conductor UI Panel - Detect
Netflow Analyzer Login - Panel
NETGEAR Router Panel - Detect
Netis Router Login Panel - Detect
Netlify CMS Admin Login Panel - Detect
Netris Dashboard Panel - Detect
NetScaler AAA Login Panel - Detect
Netscaler Gateway
Netsparker Login Panel - Detect
NetSUS Server Login Panel - Detect
Rapid7 Nexpose VM Security Console - Detect
Nexus Login Panel - Detect
Nginx Admin Manager Login Panel - Detect
Nginx Proxy Manager Login Panel - Detect
Nginx UI Panel - Detect
NI Web-based Configuration & Monitoring - Panel
NocoDB Panel - Detect
NoEscape Login Panel - Detect
Nordex Control Wind Farm Portal Login Panel - Detect
Normhost Backup Server Manager Panel - Detect
noVNC Login Panel - Detect
Nozomi Guardian Login Panel - Detect
NP Data Cache Panel - Detect
NPort Web Console Login Panel - Detect
NSQ Admin Panel - Detect
Nutanix Web Console Login Panel - Detect
Nuxeo Platform Login Panel - Detect
NZBGet Login Panel - Detect
O2 Router Setup Panel - Detect
OcoMon Login Panel - Detect
OCS Inventory Login Panel - Detect
OctoPrint Login Panel - Detect
Odoo - Database Manager Discovery
Odoo - Panel Detect
Office Web Apps Server Panel - Detect
OfficeKeeper Admin Login Panel - Detect
One Identity Password Manager Detection
OKI Data Panel - Detect
OKIOK S-Filer Portal Login Panel - Detect
Okta Login Panel - Detect
Ollama LLM Panel - Detect
OLT Web Management Interface Login Panel - Detect
OLYMPIC Banking System Login Panel - Detect
Omnia MPX Node Login Panel - Detect
OneDev Panel - Detect
ONLYOFFICE Login Panel - Detect
Open Game Panel Login Panel - Detect
OpenStack Dashboard Login Panel - Detect
Open Virtualization Userportal & Webadmin Panel Detection
Open Web Analytics Login - Detect
OpenAM Login Panel - Detect
OpenBMCS Login Panel - Detect
OpenBullet 2 - Panel
OpenCart Login Panel - Detect
Opencast Admin Panel Discovery
OpenCATS Login Panel - Detect
OpenCPU Panel - Detect
OpenEdge Login Panel - Detect
OpenEMR Product Registration Panel - Detect
Odoo OpenERP Database Selector Panel - Detect
Openfire Admin Console Login Panel - Detect
Opengear Management Console Login Panel - Detect
OpenNebula Login Panel - Detect
OpenNMS Web Console Login Panel - Detect
OpenObserve Login Panel - Detect
OpenSIS Login Panel - Detect
OpenText Content Server Login Panel - Detect
OpenTouch Multimedia Services - Detect
OpenVas Login Panel - Detect
OpenVPN Admin Login Panel - Detect
OpenVPN Connect Panel - Detect
OpenVPN Monitor - Detect
OpenVPN Server Router Management Panel - Detect
OpenVZ Web Panel Login Panel - Detect
Openweb UI Panel - Detect
openwrt
OpenWrt LuCI - Admin Login Page
OpenWrt Login / Configuration Interface
OpenX/Revive Adserver Login Panel - Detect
Opinio Login Panel - Detect
OPNsense Panel - Detect
Oracle Access Management Login Panel - Detect
Oracle Application Server Panel - Detect
Oracle Commerce Business Control Center Login Panel - Detect
Oracle Business Intelligence Login Panel - Detect
Oracle Containers for J2EE 10g Panel - Detect
Oracle E-Business Suite Login Panel - Detect
Oracle Enterprise Manager Login Panel - Detect
Oracle Integrated Lights Out Manager Login Panel - Detect
Oracle Opera Login - Detect
Oracle PeopleSoft Enterprise Login Panel - Detect
Oracle PeopleSoft Login Panel - Detect
Orchid Core VMS Panel - Detect
OSNEXUS QuantaStor Manager Panel - Detect
osticket
osTicket Installer Panel - Detect
osTicket Login Panel - Detect
OTOBO Login Panel - Detect
OurMGMT3 Admin Login Panel - Detect
OutSystems Service Center Login Panel - Detect
Overseerr Panel - Detect
GXD5 Pacs Connexion Login Panel - Detect
Pagespeed Global Admin - Detect
PAHTool Login Panel - Detect
Pair Drop Panel - Detect
Palo Alto Expedition Project Login - Detect
Panabit Login Panel - Detect
Pandora FMS Mobile Console Login Panel - Detect
PAN-OS Management Panel - Detect
PaperCut Panel - Detect
parallels
Parallels H-Sphere Login Panel - Detect
Parallels HTML5 Client Login Panel - Detect
Parse Dashboard Login Panel - Detect
Passbolt Login Panel
Payroll Management System Web Login Panel - Detect
pCOWeb Panel - Detect
PDI Intellifuel - Device Page
Pega Infinity Login Panel - Detect
Pentaho User Console Login Panel - Detect
Persis Panel - Detect
pfSense Login Panel - Detect
PostgreSQL pgAdmin Dashboard Panel - Detect
Phabricator Login Panel - Detect
Phoronix Test Suite Panel - Detect
PhotoPrism Panel - Detect
PHPMailer Panel - Detect
phpCollab Login Panel - Detect
PHP LDAP Admin Panel - Detect
phpMiniAdmin Login Panel - Detect
phpMyAdmin Panel - Detect
phpPgAdmin Login Panel - Detect
Pichome Login Panel - Detect
Piwigo Login Panel - Detect
Planet eStream Login Panel - Detect
Unity Plastic SCM Login Panel - Detect
Plausible Panel - Detect
Plesk Obsidian Login Panel - Detect
Plesk Login Panel - Detect
PocketBase Panel - Detect
Polycom Admin Panel - Detect
Polycom Login Panel - Detect
Portainer Login Panel - Detect
Poste.io Admin Panel - Detect
PostHog Login Panel - Detect
PowerChute Network Shutdown Panel - Detect
PowerCom Network Manager
PowerJob Login Panel - Detect
PowerLogic ION Panel - Detect
Pritunl - Panel
PrivateGPT - Detect
SSH PrivX Login Panel - Detect
ProcessWire Login - Panel Detect
Procore Login - Panel
Project Insight Login Panel - Detect
ProjectSend Login Panel - Detect
Prometheus Panel - Detect
Prometheus Pushgateway Panel - Detect
PRONOTE Login Panel - Detect
Proofpoint Protection Server Panel - Detect
Proxmox Virtual Environment Login Panel - Detect
Pulsar Admin Console Panel - Detect
Pulsar Admin UI Panel - Detect
Pulsar360 Admin Panel - Detect
Pulse Secure VPN Login Panel - Detect
Pulse Secure Version
Puppetboard Panel - Detect
Pure Storage Login Panel - Detect
PyLoad Login - Panel
PyPICloud Login Panel - Detect
qBittorrent Web UI Panel - Detect
qdPM Login Panel
Qlik Sense Server Panel - Detect
QlikView AccessPoint Login Panel - Detect
QmailAdmin Login Panel - Detect
qnap
QNAP Photo Station Panel - Detect
QNAP Turbo NAS Login Panel - Detect
Qualcomm 4G LTE WiFi VoIP Router Panel - Detect
Qualitor ITSM - Detect
Qualtrics Login Panel - Detect
Quantum Scalar i500 Login Panel - Detect
Quest Modem Configuration Login - Panel
Quilium Panel - Detect
Quivr Panel - Detect
R WebServer Login Panel - Detect
RabbitMQ Management Panel - Detect
Racksnet Login Panel - Detect
Radius Manager Administration Control Panel Login Panel - Detect
Rancher Dashboard Panel - Detect
Rancher Login Panel - Detect
RaspberryMatic Login Panel - Detect
RCDevs WebADM Panel - Detect
RD Web Access Panel - Detect
Red Lion Control Panel - Detect
Redash Login Panel - Detect
redhat
Red Hat Satellite Panel - Detect
Redis Commander Panel - Detect
Redis Enterprise - Detect
Redmine Login Panel - Detect
Regify Login Panel - Detect
Remedy Axis Login Panel - Detect
RemKon Device Manager Login Panel - Detect
Canon Remote UI Login Panel - Detect
Reolink Panel - Detect
Repetier Server Panel - Detect
Reportico Administration Page - Detect
Reposilite Login Panel - Detect
Residential Gateway Login Panel - Detect
Retool Login Panel - Detect
Ricoh Web Image Monitor - Detect
Riello UPS NetMan 204 Panel - Detect
Rise Up Login Panel - Detect
RocketChat Login Panel - Detect
Apache RocketMQ Console Panel - Detect
AVTECH Room Alert Login Panel - Detect
Roxy File Manager - Panel Detect
Royal Event Management System Admin Panel - Detect
RSA Self-Service Login Panel - Detect
RStudio Panel - Detect
RStudio Sign In Panel - Detect
RTM WEB - Panel
Ruckus Wireless Unleashed Login Panel - Detect
Ruckus Wireless Admin Login Panel - Detect
ruijie
Ruijie RG-UAC Login Panel - Detect
Rundeck Login Panel - Detect
Rustici Content Controller Panel - Detect
SafeNet Authentication Login Panel - Detect
Saferoads VMS Login Panel - Detect
Sage X3 Login Panel - Detect
Saia PCD Web Server Panel - Detect
SaltGUI Login Panel - Detect
SaltStack Config Panel - Detect
Samba SWAT Panel - Detect
Samsung Printer Panel - Detect
SAP Analytics Cloud Panel - Detect
SAP HANA XS Engine Admin Login Panel - Detect
SAP NetWeaver Portal - Detect
SAP SuccessFactors Login Panel - Detect
SAP Fiori Login Panel - Detect
SAS Login Panel - Detect
Satis Composer Repository - Detect
Sauter moduWeb Login Panel - Detect
SAUTER moduWeb Vision Panel - Detect
Scribble Diffusion Panel - Detect
scriptcase
ScriptCase Panel Detect
ScriptCase Production Environment Login
SCS Remote Monitoring and Control Login Panel - Detect
Seafile Panel - Detect
Seagate NAS Login - Detect
Seats Login Panel - Detect
SecMail Login Panel - Detect
SecNet Login Panel - Detect
Secure Login Service Login Panel - Detect
SecurEnvoy Login Panel - Detect
Securepoint UTM Admin Panel - Detect
Security Onion Panel - Detect
SecuritySpy Camera Panel - Detect
SeedDMS Login Panel - Detect
Selenium Grid Panel - Detect
Selenoid UI Login Panel - Detect
SelfCheck System Manager - Panel
Sensu by Sumo Logic Login Panel - Detect
SentinelOne Management Console Login Panel - Detect
Sentry Login Panel
SequoiaDB Login Panel - Detect
Server Backup Manager SE Login Panel - Detect
Server Backup Manager SE Panel - Detect
Jira Service Desk Login Panel - Detect
ServiceNow Login Panel - Detect
SevOne NMS Network Manager
SGP Login Panel - Detect
ShardingSphere ElasticJob UI Panel
ShareCenter Login Panel - Detect
Sharefile Login - Panel
Shell In A Box - Detect
SHOUTcast Server Panel - Detect
Sicom MGRNG - Administrative Login Found
Sidekiq Dashboard Panel - Detect
Signet Explorer Dashboard - Detect
Sitecore Login Panel - Detect
Sitecore Admin Login Panel - Detect
Sitefinity Login
Orpak SiteOmat Login Panel - Detect
Skeepers Login Panel - Detect
SkyCaiji Admin Panel - Detect
Slocum Fleet Mission Control Login Panel - Detect
SmartPing Dashboard Panel - Detect
SnapComms Content Manager Panel - Detect
SoftEther VPN Panel - Detect
SolarView Compact Panel - Detect
SolarWinds ARM (Access Rights Manager) - Detect
SolarWinds Orion Login Panel - Detect
SolarWinds Serv-U File Server Panel - Detect
Apache Solr Admin Panel - Detect
Somansa DLP Login Panel - Detect
Somfy Login Panel - Detect
SonarQube Panel - Detect
SonicWall Appliance Management Console Login Panel - Detect
SonicWall Network Security Login - Detect
SonicWall Analyzer Login Panel - Detect
SonicWall Management Admin Login Panel - Detect
SonicWall Virtual Office SSL VPN Login Panel - Detect
Sophos Firewall Login Panel - Detect
Sophos Mobile Panel - Detect
Sophos Web Appliance
SpaceLogic C-Bus Home Panel - Detect
Apache Spark Panel - Detect
Speedtest Panel - Detection
Sphider Admin Login Panel - Detect
SphinxOnline Panel - Detect
SpiderFoot Login Panel - Detect
Splunk Enterprise Login Panel - Detect
Splunk SOAR Login Panel - Detect
SpotWeb Login Panel - Detect
SQL Monitor - Discovery
SQL Buddy Login Panel - Detect
SQLPad Panel - Detect
Squidex Headless CMS Panel - Detect
SquirrelMail Login Panel - Detect
SqWebMail Login Panel - Detect
Star Micronics Network Utility Panel - Detect
Start Element Manager Panel - Detect
SteVe Login Panel - Detect
Stirling PDF Panel - Detect
Storybook Panel - Detect
Strapi CMS Documentation Login Panel - Detect
Strapi Login Panel - Detect
Strider CD Panel - Detect
Structurizr Panel - Detect
Submitty Login Panel - Detect
Subrion Admin Panel Login Panel - Detect
SugarCRM Login Panel - Detect
Sunbird DCIM - Detect
SUNGROW Logger1000 Panel - Detect
SuperAdmin Login Panel - Detect
Supermicro BMC Login Panel - Detect
Apache Superset Login Panel - Detect
Supertokens Login Panel - Detect
SuperVPN Login Panel - Detect
Suprema BioStar 2 Panel - Detect
Syfadis Xperience Login Panel - Detect
symantec
Symantec Data Loss Prevention Login Panel - Detect
Symantec Endpoint Protection Manager Login Panel - Detect
Symantec Encryption Server Login Panel - Detect
Symantec Identity Manager Management Console
Symantec PGP Global Directory Panel - Detect
Symantec Phishing Readiness Platform Console
Synapse Mobility Login Panel - Detect
Symmetricom SyncServer Panel - Detect
SyncThru Web Service Panel - Detect
Synnefo Admin Login Panel - Detect
Synology RackStation Login Detect
Synopsys Coverity Panel
SysAid Login Panel - Detect
Tabby Panel - Detect
Tableau Python Server Panel - Detect
Tableau Services Manager Login Panel - Detect
Tactical RMM Login Panel - Detect
Tailon Panel - Detect
Tautulli Panel - Detect
TeamCity Login Panel - Detect
TeamForge Panel - Detection
TeamPass Panel - Detect
Tectuus SCADA Monitor Panel - Detect
Tekton Dashboard Panel - Detect
Telerik Report Server Login Panel - Detect
telesquare
Telesquare TLR-2005KSH Login Panel - Detect
Teltonika Login Panel - Detect
TemboSocial Admin Panel - Detect
Temenos Transact Login Panel - Detect
Tenda 11n Wireless Router - Admin Panel
Tenda Web Master Login Panel - Detect
Temenos T24 Login Panel - Detect
Teradek Cube Administrative Console - Panel
Teradici PCoIP Zero Client Login Panel - Detect
Terraform Enterprise Panel - Detect
Terramaster Login Panel - Detect
Thinfinity VirtualUI Panel - Detect
ThreatQ Login Panel - Detect
Thruk Login Panel - Detect
TIBCO Managed File Transfer - Panel
TIBCO Spotfire Login Panel - Detect
Tigase XMPP Server - Exposure
Tiki Wiki CMS Groupware Login Panel - Detect
Tiny File Manager Panel - Detect
Tiny RSS Panel - Detect
Tixeo Login Panel - Detect
tomcat
Tomcat Exposed - Detect
ToolJet Login Panel - Detect
toshiba
Toshiba TopAccess Panel - Detect
Total Web Solutions Panel - Detect
Totemomail Login Panel - Detect
tplink
TP-LINK Router R470T - Detect
Traccar Panel - Detect
Tracer SC Login Panel - Detect
Traefik Dashboard Panel - Detect
Trellix Login Panel
Trend Micro Apex One Login Panel - Detect
trendnet
TRENDnet TEW-827DRU Login Panel - Detect
TrueNAS Panel - Detect
Tufin SecureTrack Login Panel - Detect
T-Up OpenFrame
TurnKey LAMP Panel - Detect
TurnKey OpenVPN Panel - Detect
Tuxedo Connected Controller Login Panel - Detect
txAdmin Panel - Detect
TYPO3 Login Panel - Detect
UiPath Orchestrator Login Panel - Detect
Umami Panel - Detect
Umbraco Login Panel - Detect
unauth
Tautulli Panel - Unauthenticated Access
X-Proxy Dashboard Panel - Detect
FRPS Dashboard - Detect
Unibox Panel - Detect
UniFi Network Login Panel - Detect
Unleash Panel - Detect
Untangle Administrator Login Panel - Detect
Uptime Kuma - Panel
UrBackup Panel - Detect
User Control Panel - Detect
Usermin Panel - Detect
V2924 Admin Login Panel - Detect
Vault Login Panel - Detect
Vaultwarden Login Panel - Detect
VectorAdmin Panel - Detect
Veeam Backup for Microsoft Azure Panel - Detect
Veeam Backup for Google Cloud Platform Panel - Detect
Veeam Backup Enterprise Manager Login - Detect
Veeam Login Panel - Detect
Veracore Login - Detect
Veritas NetBackup OpsCenter Analytics Login - Detect
Veriz0wn OSINT - Detect
Verizon Router Panel - Detect
versa
Versa Director Login Panel - Detect
Versa FlexVNF Panel - Detect
Versa SD-WAN Login Panel - Detect
Vertex Tax Installer Panel - Detect
Vidyo Admin Login Panel - Detect
Vigor Login Panel - Detect
Vince Login Panel - Detect
Vinchin Backup & Recovery Panel - Detect
Virtua Software Panel - Detect
Virtual EMS Login Panel - Detect
Vista Web Login Panel
VMware Aria Operations Login - Detect
VMware Carbon Black EDR Panel - Detect
VMware Cloud Director Availability Login Panel - Detect
VMware Cloud Director Login Panel - Detect
VMware FTP Server Login Panel - Detect
VMware HCX Login Panel - Detect
Desktop Portal VMware Horizon DaaS Trade Platform
VMware Horizon Login Panel - Detect
VMware NSX Login Panel - Detect
VMware vCenter Converter Panel - Detect
VMware vCloud Director Panel - Detect
Vodafone Vox UI Login Panel - Detect
VoIPmonitor Login Panel - Detect
vRealize Hyperic Login Panel - Detect
vRealize Log Insight - Panel Detect
Vue PACS - Panel
WAGO PLC Panel - Detect
Wagtail Login - Detect
Wallix Access Manager Panel - Detect
WampServer Panel - Detect
Watcher Panel - Detect
Watchguard Login Panel - Detect
Watershed Login Panel - Detect
Wazuh Login Panel
WD My Cloud Panel - Detect
WeatherLinkIP Configuration Panel - Detect
Weave Scope Panel - Detect
Web File Manager Login Panel - Detect
Web Local Craft Terminal Login Panel - Detect
Web Viewer for Samsung DVR - Detect
WebcomCo - Panel
Web Editor Check - Detect
Oracle WebLogic Login Panel - Detect
Oracle WebLogic UDDI Explorer Panel - Detect
Webmin Admin Login Panel - Detect
Webmodule Login Panel - Detect
WebPageTest Login Panel - Detect
Webroot Login Panel - Detect
WebShell4 Login Panel - Detect
WebTitan Cloud Panel - Detect
Web Transfer Client Login Panel - Detect
Webuzo Admin Login Panel - Detect
Weiphp Panel - Detect
Whatsup Gold Login Panel - Detect
WHM Login Panel - Detect
Wildix Collaboration Panel - Detect
Wiren Board WebUI Panel - Detect
WMW Enterprise Login Panel - Detect
Woodwing Studio Server Panel - Detect
WordPress Login Panel - Detect
RDWeb RemoteApp and Desktop Connections - Web Access
VMware Workspace ONE UEM Airwatch Login Panel - Detect
VMware Workspace ONE UEM Airwatch Self-Service Portal - Detect
Wowza Streaming Engine Manager Panel - Detect
WS_FTP Server Web Transfer - Panel Detect
WSO2 Management Console Login Panel - Detect
XDS-AMR Status Login Panel - Detect
Xeams Admin Console Login Panel - Detect
Xenmobile Console Login Panel - Detect
Xfinity Panel - Detect
Xiaomi Wireless Router Admin Panel - Detect
Xibo CMS Login Panel - Detect
XNAT Login Panel - Detect
xoops
XOOPS Installation Wizard Panel - Detect
XPhone Connect Admin Interface - Detect
XVR Login Panel - Detect
Xweb500 Login Panel - Detect
XXLJOB Admin Login Panel - Detect
Apache YARN ResourceManager Panel - Detect
Yellowfin Information Collaboration - Detect
Yopass Panel - Detect
YunoHost Admin Panel - Detect
YzmCMS Login Panel - Detect
Zabbix Login Panel - Detect
Z-BlogPHP Admin Login Panel - Detect
Z-BlogPHP Panel - Detect
Zenario Admin Login Panel - Detect
ZenML Dashboard Panel - Detect
Zentao Panel - Detect
Zentral Panel - Detect
ZeroShell Panel - Detect
Zimbra Panel - Detect
Zimbra Collaboration Suite Login Panel - Detect
Zipkin Login Panel - Detect
zoho
ZOHO ManageEngine ADAudit/ADManager Panel - Detect
ZOHO ManageEngine ADSelfService Plus - Detect
ZOHO ManageEngine Analytics Plus Panel - Detect
ZOHO ManageEngine APEX IT Help-Desk Panel - Detect
ZOHO ManageEngine Applications Manager Panel - Detected
ZOHO ManageEngine AssetExplorer Panel - Detect
ZOHO ManageEngine Desktop Panel - Detect
ZOHO ManageEngine KeyManagerPlus Panel - Detect
Zoho ManageEngine Network Configuration Manager Panel - Detect
ZOHO ManageEngine OpManager Panel - Detect
ZOHO ManageEngine ServiceDesk Panel - Detect
ZOHO ManageEngine SupportCenter Panel - Detect
ZoneMinder Login Panel - Detect
Zoraxy Login Panel - Detect
ZTE Panel - Detect
Zuul Panel - Detect
zyxel
Zyxel Firewall Panel - Detect
Zyxel VMG1312-B10D - Login Detection
Zyxel VSG1432-B101 - Login Detection
ZyXel Router Login Panel - Detect
exposures
apis
SOAP-based ASP.NET web services ASMX - Detect
Couchbase Buckets Unauthenticated REST API - Detect
Drupal JSON:API Username Listing - Detect
Jeecg Boot Swagger Bootstrap UI - Detect
OpenAPI - Detect
Redfish API - Detect
Seafile API - Detect
Strapi API - Detect
Public Swagger API - Detect
WADL API - Detect
WSDL API - Detect
backups
Backup Directory Listing - Detect
mysql.initial Config - Detect
Froxlor Server Management Backup File - Detect
PHP Source - Backup File Information Disclosure
settings.php - Information Disclosure
MySQL - Dump Files
SQL Server - Dump Files
Compressed Backup File - Detect
configs
3CX Config - File Disclosure
Accueil WAMPSERVER Configuration Page - Detect
Apache Airflow Configuration Page - Detect
Alibaba Canal Config - Detect
Dockerrun AWS Configuration Page - Detect
Ansible Configuration Page - Detect
Apache Configuration File - Detect
Apache JSPWiki - User IP Enumeration
Apache Ozone - Exposure
Apache Pinot - Exposure
Appspec YML/YAML - Detect
AppVeyor Configuration Page - Detect
AWS Configuration - Detect
AWS Credentials - Detect
AWStats Config - Detect
AWStats Script Config - Detect
Microsoft Azure Domain Tenant ID - Detect
Babel Configuration - Detect
Behat Configuration File - Detect
Blazor Boot File Disclosure
CakePHP Configuration File - Detect
Test CGI Script - Detect
CircleCI Configuration File - Detect
CircleCI SSH Configuration - Detect
Cisco System Network Configuration Page - Detect
Codeception YAML Configuration File - Detect
Codeigniter - .env File Discovery
Collibra Properties Exposure
Composer Config - Detect
Configuration File - Detect
Config Properties Exposure
Ruby Configuration File - Detect
Sensitive Configuration Files Listing - Detect
Coremail - Config Discovery
cPanel Configuration - File Disclosure
Cypress Oxygen Configuration Page - Detect
DBeaver - Credentials Discovery
Golang Expvar - Detect
FTP Deployment Config File - Exposure
Drone - Configuration Detection
Django Config - Detect
Docker Compose - Detect
Detect .dockercfg
Dockerfile - Detect
DomPDF - Configuration Page
Editor Configuration File - Detect
eSMTP - Config Discovery
Authentication.asmx - Detect
BitKeeper Configuration - Detect
Bazaar Configuration - Detect
Darcs Configuration - Detect
Gitignore Config - Detect
HG Configuration - Detect
Sharepoint List - Detect
SVN Configuration - Detect
Visual Studio Code Directories - Detect
FastCGI Configuration - File Disclosure
Filestash Admin Password Configuration
Firebase Configuration File - Detect
FTP Credentials Exposure
Google Cloud Default Config - Detect
Git Configuration - Detect
Nginx - Git Configuration Exposure
Git Credentials - Detect
Github Workflow Disclosure
GMail API - Detect
GolangCI-Lint Configuration File - Detect
Gruntfile Config - Detect
Guardfile Config - Detect
Hikvision Configuration File - Detect
Honeywell Scada Configuration File - Detect
HP iLO Serial Key - Detect
Apache htpasswd Config - Detect
Apache httpd Config File - Detect
JavaScript Environment Configuration - Detect
Jetbrains IDE DataSources Config - Detect
JK Status Manager - Detect
Joomla! Configuration File - Detect
Visual Studio Code jsconfig.json - Detect
Karma Configuration File - Detect
Keycloak OpenID Configuration - Detect
Kubernetes Kustomize Configuration - Detect
Kyan Credential - Exposure
Laravel - Sensitive Information Disclosure
Lvmeng - UTS Disclosure
Magento Configuration Panel - Detect
Mercurial Ignore - File Disclosure
Msmtp - Config Exposure
Nagios Current Status Page - Detect
Neo4j Neodash Config - Exposure
Netbeans Config - Detect
Netrc - Config File Discovery
Nginx Config - Detect
OPcache Status Page - Detect
Oracle CGI printenv - Information Disclosure
Oracle E-Business System Credentials Page - Detect
OVPN Configuration Download Page - Detect
owncloud Config - Detect
NPM package.json Disclosure
Parameters.yml - File Discovery
Apache Mod_perl Status Page - Detect
Phalcon Framework - Source Code Leakage
Phinx Configuration Exposure
PHP-FPM Configuration Page - Detect
PHP_CodeSniffer Configuration Exposure - Detect
PHPinfo Page - Detect
phpspec Config - Detect
PHPStan Configuration Page - Detect
phpSysInfo Exposure
Pipfile Config - Detect
Platformio Config File Disclosure
Webalizer Log Analyzer Configuration - Detect
Pre-commit Configuration File - Detect
Procfile Config - Detect
ProFTPD Configuration File - Detect
Prometheus Metrics - Detect
Protractor Configuration Exposure
Web Proxy Auto-Discovery Configuration File - Detect
Psalm Configuration Exposure - Detect
Pubspec YAML Configuration File - Detect
pyproject.toml Configuration - Detect
qdPM 9.2 - DB Credentials Exposure
Rackup Configuration - Detect
Ruby on Rails Database Configuration File - Detect
Rakefile - File Disclosure
Redis Configuration File - Detect
RoboMongo Credential - Exposure
Rollup.js Configuration - Detect
Rubocop Configuration - Detect
Ruijie Login Panel - Detect
Ruijie NBR1300G Cli Password Leak - Detect
Ruijie Phpinfo Configuration - Detect
S3CFG Configuration - Detect
S3CMD Configuration - Detect
Saia PCD Web-Server Configuration Page - Detect
Samba Config - Detect
Scrutinizer Config - Detect
SSL/SSH/TLS/JWT Keys - Detect
SFTP Configuration File - Credentials Exposure
Atom SFTP Configuration File - Detect
Snoop Servlet - Information Disclosure
Sphinx Search Config - Exposure
SSH Authorized Keys File - Detect
SSH Known Hosts File - Detect
Stestr Configuration File - Detect
Svnserve Configuration File - Detect
Symfony Database Configuration File - Detect
Symfony Profiler - Detect
Symfony Security Configuration File - Detect
Tox Configuration File - Detect
vBulletin - Full Path Disclosure
Ventrilo Configuration File - Detect
Vite Configuration - File Exposure
Web Configuration File - Detect
Webpack Configuration File - Detect
Websheets Configuration File - Detect
Wgetrc Configuration File - Detect
AWS S3 keys Leak
X Prober Server - Information Disclosure
View Yii Debugger Information
Zend Configuration File
files
Certification Authority Web Enrollment (ADCS) - Detection
Angular JSON File Exposure
Apache License File
Apdisk - File Disclosure
Application Setting file disclosure
Atom Synchronization Exposure
Auth.json File - Disclosure
Axis Happyaxis Exposure
Azure Pipelines Configuration File Disclosure
Azure Resource Manager Template - File Exposure
BitBucket Pipelines Configuration Exposure
bower.json File Disclosure
Build Properties File Exposure
Bun Lock File Disclosure
Cargo Lock Packages Disclosure
Cargo TOML File Disclosure
Cloud Config File Exposure
Discover Cold Fusion cfcache.map Files
Composer-auth Json File Disclosure
Exposed Core Dump - File Disclosure
Credentials File Disclosure
Insecure cross-domain.xml file
Database Credentials File Exposure
Discover db schema files
db.xml File - Detect
DBeaver Database Connections - Detect
desktop.ini exposure
Django Secret Key Exposure
Dnsmasq Config - File Disclosure
Docker Cloud Yaml - File Disclosure
Lotus Domino Configuration Page
DS_Store File - Exposed
Dreamweaver Dwsync.xml Exposure
Elastic Kibana Config - File Disclosure
Environment Ruby File Disclosure
Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
Exposed Internal PKI Infrastructure - Detect
Filezilla
Atom remote-ssh ftpconfig Exposure
Google Cloud Access Token
Google Cloud Credentials
Generic Database File - Exposure
Get Access Token Json
Git Mailmap File Disclosure
Github Gemfiles
Github pages config file
GitLab CI YAML - Exposure
GLPI Status Domain Disclosure
Go.mod Disclosure
Google Api Private Key
Google Service Json
Gradle Library Version Disclosure
Gunicorn Config File - File Disclosure
Haproxy Config - File Disclosure
.htdeployment - Files Tree Cache File
Icecast Config - File Disclosure
ICEFlow VPN Disclosure
Public .idea Folder containing files with sensitive data
ioncube Loader Wizard Disclosure
JavaScript Environment Configuration - Detect
JetBrains WebServers File - Detect
Joomla! Database File List
JsAPI Ticket Json
Keycloak JSON File
Kubernetes etcd Keys - Exposure
Lazy File Manager
Lighttpd Config File - File Disclosure
Log4j Properties - File Disclosure
Next JS Config - File Disclosure
NPM Anonymous CLI Metrics Exposure
NPM Anonymous CLI Metrics Json
Node Shrinkwrap Exposure
Hardcoded .npmrc AuthToken
NuGet Package.config File Disclosure
Nuxtjs Config File - File Disclosure
Oauth Credentials Json
OpenStack User Secrets Exposure
Oracle Application Server test-cgi Page
Pantheon upstream.yml Disclosure
PHP-CS-Fixer Cache - File Disclosure
Php.ini File Disclosure
Php User.ini Disclosure
phpunit.xml File Disclosure
PHPUnit Result Cache File Exposure
Pipeline Configuration Exposure
Pipfile.lock Disclosure
PNPM Lock Yaml File Disclosure
Putty Private Key Disclosure
Pyproject Disclosure
Ruby on Rails Secret Token Disclosure
React App Environment Js
README.md file disclosure
Redmine Configuration File - Detect
Redmine settings.yml File Disclosure
routes.ini File Exposure
Ruby on Rails storage.yml File Disclosure
Salesforce Credentials - Detect
Sass Lint File Exposure
Secret Token Ruby - File Disclosure
Ruby on Rails secrets.yml File Exposure
SendGrid Env File Exposure
Sensitive Storage Data - Detect
Service Account Credentials File Disclosure
Public shellscripts
Snyk Ignore File Disclosure
Socks5 VPN - Sensitive File Disclosure
StyleCi Yaml File Disclosure
SVN wc.db File Exposure
Symfony properties.ini File Disclosure
Symfony security.yml File Disclosure
Thumbs DB Disclosure
Token Info Json File
Token Json File Disclosure
Travis CI Disclosure
uwsgi.ini File Exposure
Vagrantfile Exposure
Vercel Config File - File Disclosure
Viminfo - File Disclosure
VSCode SFTP File Exposure
Webpack Mix File Disclosure
Webpack Sourcemap Disclosure
WGET HSTS List Exposure
WordPress Readme File
WP-CLI Yaml File Exposure
WS FTP File Disclosure
XAMPP Environment Variables Exposure
Yarn Lock File Disclosure
logs
Publicly accessible access-log file
Action Controller Exception - Page
Badarg Log File Exposure
Clockwork PHP page exposure
Detect Darkstat Reports
Delphi MVC Exception - Page
Discover development log files
Django Debug Exposure
Dozzle - Logs Exposure
ELMAH Exposure
Common Error Log Files
Event Debug Server Status
Exposed Glances API
ExpressionEngine Exception - Page
FastCGI Echo Endpoint Script - Detect
FFserver Status Detect
Firebase Debug Log File Exposure
Git Metadata Directory Exposure
Git Logs Disclosure
Go pprof Debug Page
Public .idea Folder containing http logs
Jboss Seam Debug Page Enabled
Laravel log file publicly accessible
Laravel Telescope Disclosure
LUA Runtime Error - Page
Lucee Stack Trace Error
Mako Runtime Error - Page
Microsoft Runtime Error Page
Milesight Industrial Cellular Routers - Information Disclosure
MongoDB Exception - Page
NGINX Shards Disclosure
NPM Debug Log Disclosure
Publicly accessible NPM Log file
OpenTSDB - Detect
Oracle EBS - SQL Log Disclosure
Production Log File Disclosure
Discover production log files
Pyramid Debug Toolbar
Rails Debug Mode
Redis Exception Connection Error Page
RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure
Roundcube Log Disclosure
SAP Logon Error Message
Squid Analysis Report Generator
Apache Struts setup in Debug-Mode
Apache Struts Dev Mode - Detect
Teampass LDAP Debug Config - Detect
ASP.NET Trace.AXD Information Leak
Twig Runtime Error - Page
Vugex Framework Source Code - Detect
Webalizer Xtended Statistics Exposed
Discover wp-app.log Files
WS FTP File Disclosure
Yii Error Page - Detect
zm-system-log-detect
tokens
adafruit
Adafruit API Key
adobe
Adobe Client ID
Adobe OAuth Client Secret
age
Age Recipient (X25519 public key)
Age Identity (X25519 secret key)
airtable
Airtable API Key
algolia
Algolia API Key
alibaba
Alibaba Access Key ID
Alibaba Secret Key ID
amazon
Amazon MWS Auth Token
Amazon SNS Topic Disclosure
AWS Access Key ID Value
AWS Access/Secret Key Disclosure
AWS Account ID
AWS API Key
AWS Session Token
artifactory
Artifactory Password Disclosure
Artifactory API Token Disclosure
asana
Asana Client ID
Asana Client Secret
atlassian
Atlassian API Token
azure
Azure - APIM Secret Key
Azure Connection String
beamer
Beamer API Token
bitbucket
BitBucket Client ID
BitBucket Client Secret
bitly
Bitly Secret Key Disclosure
bittrex
Bittrex Access Key
Bittrex Secret Key
clojars
Clojars Token
cloudinary
Cloudinary Credentials Disclosure
codeclimate
CodeClimate Token
codecov
Codecov Access Token
coinbase
Coinbase Access Token
confluent
Confluent Access Token
Confluent Secret Key
contentful
Contentful Delivery API Token
crates
Crates.io API Key
databricks
Databricks API Token
datadog
Datadog Access Token
dependency
Dependency Track API Key
digitalocean
DigitalOcean Key Exposure via Axiom
DigitalOcean Personal Access Token
DigitalOcean Application Access Token
DigitalOcean Refresh Token
Tugboat Configuration File Exposure
discord
Discord Client ID
Discord Client Secret
Discord API Token
Discord Webhook Disclosure
docker
Docker Hub Personal Access Token
doppler
Doppler Audit Token
Doppler CLI Token
Doppler SCIM Token
Doppler Service Account Token
Doppler Service Token
Doppler API Token
droneci
Droneci Access Token
dropbox
Dropbox Access Token
Dropbox Long Lived API Token
Dropbox Short Lived API Token
Dropbox API Token
duffel
Duffel API Token
dynatrace
Dynatrace API Token
easypost
Easypost Test API Token
Easypost API Token
etsy
Etsy Access Token
facebook
Facebook Access Token
Facebook API Token
fastly
Fastly API Token
figma
Figma Personal Access Token
finicity
Finicity Client Secret
Finicity API Token
finnhub
finnhub Access Token
flickr
Flickr Access Token
flutter
Flutterwave Encryption Key
Flutterwave Public Key
Flutterwave Secret Key
frameio
Frameio API Token
freshbooks
Freshbooks Access Token
generic
Credentials Disclosure Check
Generic Tokens
JDBC Connection String Disclosure
JWT Token Disclosure
Shoppable Service Auth Token
github
GitHub App Token
GitHub OAuth Access Token
GitHub Personal Access Token
GitHub Refresh Token
gitlab
GitLab Personal Access Token
GitLab Pipeline Trigger Token
GitLab Runner Registration Token
gitter
Gitter Access Token
gocardless
Gocardless API Token
google
FCM Server Key
Google API Key
Google Calendar URI Disclosure
Google Client ID
Google OAuth Client Secret (prefixed)
Google OAuth Access Key Disclosure
grafana
Grafana Cloud API Key
Grafana API Key
Grafana Service Account Token
hashicorp
Hashicorp API Token
heroku
Heroku API Key
huggingface
HuggingFace User Access Token
jenkins
Jenkins Token or Crumb
jotform
Jotform API Key
JSON Web Key File - Exposure
linkedin
LinkedIn Client ID
LinkedIn Secret Key
loqate
Loqate API Key
mailchimp
Mailchimp API Value
mailgun
Mailgun API Key
mapbox
Mapbox Token Disclosure
microsoft
Microsoft Teams Webhook Disclosure
newrelic
Admin API Key Disclosure
New Relic API Service Key
Insights Keys Disclosure
New Relic License Key
New Relic License Key (non-suffixed)
New Relic Pixie API Key
New Relic Pixie Deploy Key
REST API Key Disclosure
Synthetics Location Key Disclosure
nextjs
Cipher Secret Key Exposure
npm
NPM Access Token (fine-grained)
nuget
NuGet API Key
odbc
ODBC Connection String
okta
Okta API Token
openai
OpenAI API Key
particle
particle.io Access Token
paypal
PayPal Braintree Access Token Disclosure
picatic
Picatic API Key Disclosure
postman
Postman API Key
pypi
PyPI Upload Token
rapid
RapidAPI Access Token
razorpay
Razorpay Client ID Disclosure
react
React App Password
React App Username
readme
Readme API Token
ruby
RubyGems API Key
salesforce
Salesforce Access Token
sauce
Sauce Token
scalingo
Scalingo API Token
segment
Segment Public API Token
sendbird
SendBird Access ID
SendBird Access Token
sendgrid
Sendgrid API Key Disclosure
sendinblue
Sendinblue API Token
sentry
Sentry Access Token
shippo
Shippo API Token
shopify
Shopify App Secret
Shopify Access Token (Custom App)
Shopify Access Token (Legacy Private App)
Shopify Private App Access Token
Shopify Access Token (Public App)
Shopify Shared Secret
sidekiq
Sidekiq Secret Token
Sidekiq Sensitive URL
slack
Slack App Token
Slack Bot token
Slack Config Access Token
Slack Config Refresh Token
Slack Legacy Bot Token
Slack Legacy Token
Slack Legacy Workspace Token
Slack User token disclosure
Slack Webhook URL
sonarqube
SonarQube Cloud Token Disclosure
SonarQube Token Disclosure
square
Square Access Token
Square OAuth Secret
squarespace
Squarespace Access Token
stackhawk
StackHawk API Key
stripe
Stripe Access Token
Stripe Restricted Key Disclosure
Stripe Secret Key Disclosure
sumologic
Sumologic Access ID
Sumologic Access Token
synk
Snyk API Token
telegram
Telegram Bot Token
thingsboard
ThingsBoard Access Token
travisci
TravisCI Access Token
truenas
TrueNAS API Key (WebSocket)
twilio
Twilio API Key
twitch
Twitch API Secret Token
twitter
Twitter API Key
Twitter API Secret Token
Twitter Bearer Token
Twitter Client ID
Twitter Secret Key
typeform
Typeform API Token
vault
Vault Batch Token
Vault Service Token
wechat
Enterprise WeChat Corpsecret Key
wireguard
WireGuard Preshared Key
WireGuard Private Key
yandex
Yandex Access Token
Yandex API Key
Yandex AWS Access Token
zapier
Zapier Webhook Disclosure
zendesk
Zendesk Secret Key
zenserp
Zenscrape API Key
Zenserp Api Key
zoho
Zoho Webhook Disclosure
fuzzing
Cache Poison Fuzzing
Header - Remote Command Injection
IIS - Short Name Detect
Linux - Local File Inclusion Fuzzing
Microsoft Access Database File - Detect
Prestashop Modules Enumeration
SSRF via Proxy Unsafe
WAF Fuzzing
WordPress Plugins Detection
WordPress Theme Detection
WordPress - Weak Credentials
X-Forwarded-For 403-forbidden bypass
global-matchers
Secrets Patterns (Rules)
honeypot
Citrix Honeypot - Detect
Dionaea HTTP Honeypot - Detect
ElasticPot Honeypot - Detect
Snare Honeypot - Detect
T-Pot Honeypot - Detect
iot
AmpGuard Wifi Setup
APC UPS Login - Detect
AutomationDirect Panel - Detect
Brother Printer
Brother Printer
CAREL Pl@ntVisor Panel
Codian MCU Login Panel - Detect
ContaCam Snapshot Images - Detect
EnvisionGateway Scheduler Panel - Detect
ePMP 2000 Login Panel - Detect
Epson WF Series Detection
GeoVision GV-SNVR0811 - Directory Traversal
Grandstream Device Configuration
Heatmiser Wifi Thermostat Panel - Detect
HomeWorks Illumination Web Keypad
Honeywell Building Control
HP Color LaserJet Detection
HP Device Info Detection
HP LaserJet Professional Panel - Detect
HUAWEI Home Gateway HG658d
HUE Personal Wireless Lighting Panel
Fuji Xerox Internet Services Panel - Detect
IoTaWatt Configuration App Exposure
IP Webcam Viewer Page - Detect
KevinLAB Devices Detection
Kyocera Printer Panel - Detect
AXIS Network Camera Live View - Detect
Loytec Device Info Detection
MOBOTIX Guest Camera Live View - Detect
Netgear Devices boardDataWW.php - Remote Command Execution
NETSurveillance Web Panel - Detect
Various Online Devices Detection (Network Camera)
NoVus IP Login Panel - Detect
NUUO Network Video Recorder Login Panel - Detect
Octoprint 3D Printer Panel - Detect
open-mjpg-streamer
Panasonic Network Camera Management System - Detect
PQube 3 Power Analyzers
QVISDVR JSF Deserialization - Remote Code Execution
Raspberry Shake Config Detection
RouterOS Router Login - Detect
Detect Selea Targa IP OCR-ANPR Camera
Snapdrop Detect
Detect Private Key on STEM Audio Table
Selea Targa IP OCR-ANPR Camera - Local File Inclusion
Selea Targa IP OCR-ANPR Camera - Unauthenticated SSRF
Ulanzi Clock Detect
Detect Basic uPNP Device
WebcamXP 5 Login Panel - Detect
Webtools Home
XP Webcam Viewer Page
Zebra Printer Detect
miscellaneous
DOM EventListener - Cross-Site Scripting
Apple app site association for harvesting end points
aws-ecs-container-agent-tasks
Azure Blob Core Service - Detect
Balada Injector Malware - Detect
Silverlight cross-domain policy
Cloudflare Transform via URL - Image Injection
Credit and Debit Card Number - Detection
Crypto Mining Malware - Detect
Defaced Website - Detection
Defacement Content - Detection
Detect DNS over HTTPS
Directory listing enabled
Directory Listing Enabled
Email Extractor
Exposed File Upload Form
External Service Interaction
Firebase Database Extract Check
Form Detection
Google FLoC Disabled
Global Privacy Control (GPC) File Disclosure
HTaccess config file
HTTP TRACE method enabled
Joomla! htaccess file disclosure
Joomla! Manifest File - Disclosure
Max-Forwards Header - Detect
Microsoft Azure Web App - Error 404
Moodle Changelog File
Netflix Conductor Version Detection
Discovering directories w/ NTLM
Find Pages with Old Copyright Dates
Allowed Options Method
RDAP WHOIS
robots.txt file
robots.txt endpoint prober
security.txt File
Seized Site
Sitemap Detection
SPNEGO - Detect
X-Recruiting Header
XML Schema Detection
misconfiguration
Ace Admin Dashboard - Detect
adobe
Adobe Connect Username Exposure
Adobe Connect Central Version
aem
Adobe AEM ACS Common Exposure
AEM BG-Servlets
AEM BulkEditor
Invalidate / Flush Cached Pages on AEM
Adobe Experience Manager Childlist Selector - Cross-Site Scripting
Adobe AEM CRX Browser Exposure
AEM Package Manager - Authentication Bypass
Adobe AEM CRX Namespace Editor Exposure
Adobe AEM CRX Search Exposed
Adobe AEM Custom Scripts Exposure
Adobe AEM Debugging Client Libraries
AEM DefaultGetServlet
Adobe AEM Disk Usage Information Disclosure
AEM Dump Content Node Properties
Adobe AEM Explorer NodeTypes Exposure
Adobe AEM External Link Checker Exposure
AEM GQLServlet
AEM Groovy Console Discovery
Query hashed password via QueryBuilder Servlet
Query JCR role via QueryBuilder Servlet
AEM Login Status
AEM MergeMetadataServlet
Adobe AEM Misc Admin Dashboard Exposure
Adobe AEM Offloading Browser
Adobe AEM Installed OSGI Bundles
AEM QueryBuilder Feed Servlet
AEM QueryBuilder Internal Path Read
AEM QueryBuilder Json Servlet
AEM Secrets - Sensitive Information Disclosure
Adobe AEM Security Users Exposure
Adobe Experience Manager - Cross-Site Scripting
Adobe AEM Sling User Info Servlet Exposure
AEM UserInfo Servlet Credentials Exposure
AEM WCM Suggestions Servlet
Adobe Experience Manager - Cross-Site Scripting
CRXDE Lite - Exposure
airflow
Airflow Debug Trace
Unauthenticated Airflow Instance
akamai
Open Akamai ARL - Cross-Site Scripting
Akamai/Amazon S3 - Cache Poisoning
Alibaba Mongoshake Unauth
Ampache Update Page Exposure
AMPPS by Softaculous Panel - Directory Listing - Detect
Android Debug Manager
apache
Apache CouchDB - Unauthenticated Access
Apache Filename Enumeration
Apache Hbase Unauth
Apache NiFi - Unauthenticated Access
Apache Server Status Disclosure
Server Status Disclosure
Apache Storm Unauth
Apache Zeppelin - Unauthenticated Access
Kafka Manager Panel - Unauthorized Access
Apache Tomcat Manager Path Normalization Panel - Detect
Apache Drill Exposure
Apache Druid Unauth
Apache Impala - Exposure
Apache Struts - ShowCase Application Exposure
APCu service information leakage
Apollo Admin Service - Unauthenticated Access
Apple CUPS Sources - Exposure
application.yaml detection
AriaNg Debug Console - Exposure
Artifactory anonymous deploy
ASP.NET Debugging Enabled
Atlantis Dashboard - Exposure
Atlassian Bamboo Build Dashboard
aws
Amazon EC2 Status
AWS bucket with Object listing
Subdomain takeover AWS S3
Amazon Web Services S3 Explorer - Detect
AWS X-Ray Sample Application
AWStats Listing
Misconfigured CDN Cache Poisoning via X-Amz-Server-Side-Encryption Header
Bitbucket Server > 4.8 - Authentication Bypass
Atlassian Bitbucket Public Repository Exposure
Blackbox Exporter Metrics Exposed
Bootstrap Admin Panel Template Panel - Detect
BRAVIA Signage - Exposure
Exposed Browserless debugger
cAdvisor - Detect
Canon R-ADV C3325 - Unauth
Casdoor <=v1.811.0 - Unauthenticated SCIM Operations
Casdoor get-users Account Password Disclosure
CGI Test page
Changedetection.io Dashboard - Exposure
ChatGPT Web - Unauthorized Access
ClickHouse API Database Interface - Improper Authorization
Clockwork Dashboard Exposure
GCP/AWS Metadata Disclosure
Cloudflare External Image Resizing Misconfiguration
Cluster Overview - Unauthenticated Dashboard Exposure
Exposed Cobbler Directories
CodeIgniter - Error Page
CodeMeter Webadmin Dashboard
Codis Dashboard Exposure
Collectd Exporter Metrics
Command API Explorer Panel - Detect
confluence
Confluence OAuth Administration Endpoint
Confluence Dashboard Exposed
Cookies without HttpOnly attribute - Detect
Cookies without Secure attribute - Detect
Coolify Register User Account - Enabled
CoreBos - .htaccess File Exposure
CX Cloud Unauthenticated Upload - Detect
D-Link - Local File Inclusion
Database Error
debug
Ampache Debug Page
Bottle debug mode enabled
Flask Werkzeug Debugger Exposure
GitHub Debug Page
SPX PHP Profiler - Default Key
DEOS OPENview Admin Panel Unauthenticated Access
Deployment Management Interface - Exposed
Dgraph Ratel Dashboard Exposure Panel - Detect
Directory Listing - No Host header
Django Debug Configuration Enabled
D-Link DAP-1325 - Information Disclosure
DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
D-Link DNS Series CGI Script - Unauthenticated
Docker Daemon Exposed
Docker Registry Listing
Docmosis Tornado Server Exposure
DON'T PANIC Traceback
Doris Dashboard - Exposed
DragonFly Public - Signup Enabled
Alibaba Druid Monitor Unauthorized Access
drupal
Drupal User Enumeration [Ajax]
Drupal User Enumeration [Redirect]
Dynamics Container Host - Detect
EC2 Instance Information
Ecology - Information Exposure
Elastic HD Dashboard Exposure
ElasticSearch Information Disclosure
Encompass CM1 Home Page - Detect
Envoy Admin Exposure
ESPEasy Mega Panel Exposure
ESPHome Dashboard Exposure
etcd Unauthenticated HTTP API Leak
Everything Server Exposure
Exposed Docker API
BlueImp jQuery-File-Upload - Arbitrary File Upload
Publicly exposed Kafdrop Interface
Exposed Kibana
ITMS-Misconfigured
SQLiteManager - Text Display
Express Stack Trace
Feiyuxing Information - Exposure
File Browser Dashboard - Unauthenticated Access
Flask Redis Queue Docker - Exposure
Forgejo Repositories - Exposure
Formalms Exposed Installation
Freshrss Admin Dashboard - Exposed
FrontPage configuration information disclosure
FusionAuth Exposed Admin Setup
Ganglia Cluster Dashboard - Detect
GenieACS - Authentication Bypass (Default JWT Secret)
Git web interface
Gitea Public Registration Enabled
gitlab
GitLab - User Information Disclosure Via Open API
GitLab public repositories
GitLab public signup
GitLab public snippets
Uninitialized GitLab instances
GitLab - User Enumeration
GitList Disclosure
Global Traffic Statistics Exposure
GLPI Directory Listing
gocd
GoCd Cruise Configuration disclosure
GoCd Encryption Key
GoCd Unauth Dashboard
google
Insecure Firebase Database
Gopher Server - Exposure
Grafana Public Signup
graphql
GraphQL Alias-based Batching
GraphQL Array-based Batching
GraphQL Field Suggestion Information Disclosure
GraphQL CSRF / GET method
GraphQL Playground
Grav Register Admin User - Detect
h2o
H2O - Arbitrary Path Lookup
H2O Dashboard - Exposure
Apache Hadoop YARN ResourceManager - Remote Code Execution
Detect Haproxy Exporter
HAProxy Statistics Page - Detect
Hashicorp Consul API Unauthenticated
Healthchecks UI Exposure
Helm Dashboard - Exposure
HFS Exposure
Hikvision Springboot Env Actuator - Detect
HiveQueue Agent
hp
Unauthorized HP Printer
Unauthorized HP office pro printer
HPE System Management Anonymous Access
HTTP Missing Security Headers
HTTPS to HTTP redirect Misconfiguration
IBM Websphere Friendly Path Exposure
IBM WebSphere Application - Source File Exposure
Imgproxy Unauthorized Access
installer
ActiveCollab Installation Page - Exposure
Acunetix 360 Installer
AdGuard - Installation
Akeeba Backup Installer - Exposure
Alma Installation Exposure
Ampache Music Installer
Atlassian Bamboo Setup Wizard
AVideo Installer - Detect
Bagisto Installer Exposure
baserCMS Installation - Exposure
Binom Installer Exposure
Bitrix24 Installation Exposure
Blesta Installer Exposure
Businesso Installer Exposure
Call.com Setup Page - Exposure
Chamilo Installer Exposure
CirCarLife - Installer
ClipBucket Installer - Exposure
CloudCenter Installer Exposure
CMS Made Simple Installation Page - Exposure
Codeigniter Application Installer Exposure
Combodo iTop Installer/Upgrade - Exposure
Concrete Installer
Confluence Installation Page - Exposure
ConnectWise Setup Wizard - Exposure
Contentify Installer Exposure
Cube-105 - Exposed Installation
CubeBackup Setup Page - Exposure
XOOPS Custom - Installation
Discourse Installer Exposure
DokuWiki Install Exposure
Dolibarr Installer
Dolphin Installer - Exposure
Drupal Install
Easy Installer by ViserLab - Exposure
Easy-WI Installation Page - Exposure
Easyscripts Installer
EJBCA Enterprise Cloud Configuration Wizard - Exposure
Elgg - Installation
Emlog Pro - Installation
EShop Installer Exposure
ESPEasy Installation Exposure
Espocrm Installer
EyouCMS - Installation
FacturaScripts Installer Exposure
Flarum Installation Page - Exposure
FleetCart Installation Page - Exposure
Forgejo Installation Page - Exposure
FOSSBilling - Installation
FreshRSS - Installation
Froxlor Server Management - Installer
GeniusOcean Installer Exposure
GetSimple CMS - Installer
Gibbon Installer - Exposure
Gitea Installer Exposure
GLPI Installation Page - Exposure
Gogs (Go Git Service) - Installer
GROWI Installer - Exposure
IDP Skills Installer - Exposure
ImpressPages Installer
Imprivata Appliance Installation Exposure
Indegy Sensor Setup - Installer
Invicti Enterprise Installation Page - Exposure
Invoice Ninja Setup Page - Exposure
Jackett - Installer
jfa-go Setup Page - Exposure
Atlassian JIRA Setup - Installer
Joomla! Installer Exposure
JustFans Installation Page - Exposure
KLR 300N Router - Exposed Installation
KnowledgeTree Installer Exposure
Kodbox Installation Page - Exposure
LibreNMS Installation Page - Exposure
Limesurvey Installer Exposure
LMSZAI Installer Exposure
Lychee Installer
Magento Installation Wizard
Magnolia CMS Installer
MantisBT Installation Exposure
Matomo Installer Exposure
Mautic Installer Exposure
mCloud Panel - Installer
MetaView Explorer Installer
Monstra Installation Exposure
Moodle Installation Exposure
mooSocial Installation - Exposure
mosparo Exposed Installation
Mura CMS Setup Page - Exposure
Nagios Log Server - Install
Nagios XI Installer
Navidrome Admin User Creation
Netsparker Enterprise Installer
NginX Auto Installer Exposure
NodeBB Web Installer
nopCommerce Installer - Detect
OctoPrint Installation Page - Exposure
Open Journal Systems Installer - Exposure
OnlyOffice Wizard Page - Exposure
Open Web Analytics Installer - Exposure
OpenEMR Setup Installation Page - Exposure
Openfire Setup - Exposure
OpenMage Installation Wizard
OpenShift Assisted Installer Panel - Detect
openSIS Installation Wizard
OrangeHrm Installer
Orangescrum Exposed Installation
Orchard Setup Wizard - Exposure
OwnCloud Installer Exposure
Oxid EShop Installer Exposure
Pagekit Installer Exposure
Pandora FMS Installation Page - Exposure
Permissions Installer Exposure
phpBB Installation File Exposure
PhpGedView Installer Exposure
PHP IPAM Installation Page - Exposed
phpMyFAQ Installation - Exposure
phpwind Installer Exposure
Piwigo Installation Page - Exposure
Piwik Installer Exposure
PMM Installation Wizard
Poste.io - Installer
First Poste.io Configuration Installation Wizard
Prestashop Installer Exposure
ProcessWire 3.x Installer Exposure
ProfitTrailer Setup Page - Exposure
ProjectSend Installation Page - Exposure
QloApps - Installation
QuickCMS Installation Wizard
Redash Installer Exposure
Ruckus SmartZone Exposed Installation
Ruckus Unleashed Exposed Installation
SABnzbd Quick-Start Wizard - Exposure
Server Monitor Installer
Setup GitHub Enterprise - Detect
SEO King - Shopify App — Installer
Shopware Installer
SMF Installer
SMS Gateway Installation
Snipe-IT Setup Page - Exposure
SPA Cart - Installer
SPIP Install - Exposure
StackPosts Installation Page - Exposure
Strapi Admin - Installer
Subrion CMS Web Installer - Exposure
SugarCRM Exposed Installation
SuiteCRM Installer Exposure
SumoWebTools Installer Exposure
Tasmota Installer Exposure
TastyIgniter Setup Page - Exposure
Tautulli - Exposed Installation
TestRail Installation Wizard
Tiny Tiny RSS Installer Exposure
Trilium Notes Installer - Exposure
Turbo Website Reviewer Installer Panel
TYPO3 Installer
Ubersmith Setup Page - Exposure
Umbraco Install - Exposure
UniFi Wizard Installer
UVDesk Helpdesk Installation Page - Exposure
UVDesk Installation Wizard
Vironeer Installer - Exposure
Virtual SmartZone Setup Wizard - Exposure
Vtiger CRM Installer Exposure
Webasyst Installer Exposure
WebCalendar Exposed Installation
WebTrees Exposed Installation
Webuzo Installer
Wiki.js Setup - Exposure
WoW CMS Installer Exposure
WoWonder Installation Page - Exposure
WordPress Exposed Installation
XBackBone Installer - Exposure
YzmCMS - Installer
Zabbix Installation Exposure
Zen Cart Installer
Zenphoto <1.5 Installer - Detect
Intelbras DVR - Unrestricted Access
Intercom Identity Verification Misconfiguration
Internal IP Disclosure
IoT vDME Simulator Panel - Detect
Jackett UI - Unauthenticated
Jaeger UI
JavaMelody Monitoring Exposed
JBoss Management Console Server Information Page - Detect
JBoss Web Service Console - Detect
jenkins
Jenkins Open User registration
Jetty showContexts Enable in DefaultHandler
jolokia
Jolokia - Information disclosure
Jolokia - Searching MBeans
Jupyter ipython - Authorization Bypass
Jupyter Lab - Unauthenticated Access
Jupyter notebooks exposed to reading and writing
Kafka Cruise Control UI
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
Kubeflow Unauth
kubernetes
Kube State Metrics Exposure
Detect Kubernetes Exposed Metrics
Kubernetes Pods - API Discovery & Remote Code Execution
Detect Overview Kubernetes Resource Report
Etcd Server - Unauthenticated Access
Label Studio - Sign-up Detect
Laragon - phpinfo Disclosure
Laravel Debug Enabled
Laravel Debug Method Enabled
Laravel Debug Info Leak
Laravel Horizon Dashboard - Unauthenticated
Less History - File Disclosure
Libvirt Exporter Metrics
Lidarr Dashboard - Unauthenticated
liferay
Liferay /api/liferay - API Exposed
Liferay /api/axis - API Exposed
Liferay /api/jsonws - API Exposed
Linkerd SSRF detection
LinkTap Gateway Exposure
Locust Exposure
LVM Exporter Metrics
Manage Cabinet Register - Exposed
Manage Engine AD Search
microsoft
ASP.NET Core Development Environment - Exposure
Microsoft Exchange Autodiscover - Local Domain Exposure
Mingyu Operation xmlrpc.sock - User Addition
Misconfigured Concrete5
Docker Container - Misconfiguration Exposure
Missing Subresource Integrity
Mixed Active Content
Mixed Passive Content
Mlflow - Unauthenticated Access
MobiProxy Dashboard - Detect
MobSF Framework - Exposure
Moleculer Microservices Project
MongoD Server - Exposure
MongoDB Exporter - Detect
Microsoft Exchange Autodiscover - User Enumeration
Multilaser Pro Setup Page - Detect
Mysql History - File Disclosure
MySQL Exporter Panel - Detect
nacos
Alibaba Nacos - Unauthorized Account Creation
Nacos < 2.2.0 - Authentication Bypass
Named Process Exporter
NetAlert X Admin Dashboard - Exposed
netdisco
Netdisco - Unauth Access
Nextcloud Exposed Installation
nginx
Nginx Plus Rest API - Traversal
Nginx Status Page
Nginx Vhost Traffic Status
Ngrok Status Page
Detect Node Exporter Metrics
Node.js Express NODE_ENV Development Mode
Node Express Status - Detect
Nomad - Exposed Jobs
ntop Network Traffic Exposed
Ntopng Traffic Dashboard - Detect
Odoo - Unprotected Database
Office365 Autodiscover - Open Redirect
OneinStack Control Center Dashboard - Detect
openbmcs
OpenBMCS 2.4 - Information Disclosure
OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion
Openstack - Information Disclosure
Oracle Reports Services - Servlet
Pa11y Dashboard Exposure
PCDN Cache Node Dataset
pCOWeb - Unauth
perfSONAR Toolkit - Exposure
PgHero Dashboard Exposure Panel - Detect
Pgwatch2 DBs to monitor - Exposure
php
PHP Composer Binary - Exposure
Php Debug Bar - Exposure
PHP errors
PHP-FPM Status
PHP Development Server <= 7.4.21 - Remote Source Disclosure
PHP CLI Server Stack Trace
phpMemcachedAdmin Panel
phpmyadmin
phpmyadmin Data Exposure
PhpMyAdmin Server Import Page - Detect
PhpMyAdmin Setup File - Detect
PHPnow works - Exposure
PinPoint Unauth
Postgres Exporter Metrics
Private key exposure via helper detector
prometheus
Prometheus Config API Endpoint Discovery
Prometheus exporter detect
Prometheus flags API endpoint
Exposed Prometheus
Prometheus targets API endpoint
Prometheus Monitoring System - Unauthenticated
Prometheus Promtail - Exposure
Prowlarr Dashboard - Unauthenticated
proxy
Alibaba Metadata Service Check
Amazon AWS Metadata Service Check
Microsoft Azure Cloud Metadata Service Check
DigitalOcean Metadata Service Check
Google GCP Metadata Service Check
Hetzner Cloud Metadata Service Check
Openstack Metadata Service Check
Oracle Cloud Metadata Service Check
Open Proxy To External Network
Open Proxy To Internal Network
Open Proxy to Other Web Ports via Proxy's localhost Interface
Open Proxy to Ports on the Proxy's localhost Interface
PuppetDB Dashboard - Detect
PUT Method Enabled
Detect Python Exposed Metrics
QuestDB Console - Detect
QVidium Management System Exposed
RabbitMQ Exporter
rack-mini-profiler - Environment Information Disclosure
Radarr Dashboard - Unauthenticated
Ray Dashboard Exposure
Readarr Dashboard - Unauthenticated
Redpanda Console - Exposure
Rekognition Image Validation Debug UI Panel - Detect
Repetier Server Dashboard - Unauthenticated
Request Baskets - Exposure
RethinkDB Administration Console - Detect
ROOT - Path Disclosure
Roxy Fileman 1.4.4 - Arbitrary File Upload
Amazon S3 Torrent Download - Detect
Salesforce Lightning - API Detection
Salesforce Community Misconfiguration
sap
SAP Directory Listing
SAP NetWeaver ICM Info page leak
SAP ICM Admin Web Interface
Safe Search Replace Exposure
Secnet Intelligent Routing System actpt_5g.data - Information Leak
Seeyon Unauthorised Access
Selenium - Node Exposure
Sentinel License Monitor - Detect
Seq Dashboard - Unauthenticated
Server Status Panel - Detect
service.pwd - Sensitive Information Disclosure
Service Now - Title Injection
ServiceNow Widget-Simple-List - Misconfiguration
SFTPGo Admin - Setup
Shell History
SiteCore Debug Page
Sitecore 9.3 - Webroot File Read
SkyCaiji - Exposed Installation
Slurm HPC Dashboard - Detect
SmarterStats Setup Exposure
SmokePing Latency Page for Network Latency Grapher
Solr - Admin Page Access
SonarQube - Information Disclosure
Sonarqube with public projects
Sonarr Dashboard - Unauthenticated
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
SpiderControl SCADA Web Server - Sensitive Information Exposure
springboot
Spring Eureka Exposure
Spring Boot AuditEvents Actuator Panel - Detect
Detect Springboot autoconfig Actuator
Detect Springboot Beans Actuator
Springboot Actuator Caches
Detect Springboot Conditions Actuator
Detect Springboot Configprops Actuator
Detect Springboot Dump Actuator
Springboot Env Actuator - Detect
Detects Springboot Features Actuator
Springboot Flyway API
Detect Spring Gateway Actuator
Spring Boot Health Actuator Panel - Detect
Spring Boot Actuator - Heap Dump Detection
Detect Springboot httptrace
Spring Boot Information Panel - Detect
Springboot Actuator integrationgraph
Detects Springboot Jolokia Actuator
Springboot Liquibase API
Detects Springboot Logfile Actuator
Spring Boot LoggerConfig Actuator Panel - Detect
Detect Springboot Loggers
Detect Springboot Mappings Actuator
Detect Springboot metrics Actuator
Spring Boot Scheduledtasks Actuator Panel - Detect
Springboot Actuator startup
Spring Boot Status Actuator Panel - Detect
Detect Springboot Thread Dump page
Detect Springboot Trace Actuator
SQL Server ReportViewer - Exposure
SSRF due to misconfiguration in OAuth
SSRPM - Arbitrary Password Reset on Default Client Interface Installation
Apache Struts - OGNL Console
symfony
Symfony Debug Mode
Symfony _fragment - Default Key RCE
Symfony FOSJsRoutingBundle
Symfony _fragment - Detect
Syncthing Dashboard Exposure
System Properties Exposure
Tasmota Configuration Exposure
Rockwell Automation TCP/IP Configuration Information - Detect
teamcity
JetBrains TeamCity - Guest User Access Enabled
JetBrains TeamCity - Registration Enabled
TeslaMate - Unauthenticated Access
Thanos Prometheus Setup - Exposure
ThinkPHP Errors - Sensitive Information Exposure
Tiny File Manager - Unauthorized Access
TitanNit Web Control - Exposure
TLS SNI Proxy Detection
Tomcat Cookie Exposed
Apache Tomcat Example Scripts - Detect
Tomcat Stack Traces Enabled
Transmission Dashboard - Detect
Typo3 composer.json Exposure
TYPO3 Debug Mode Enabled
Apache Kafka - Unauthorized UI Exposure
Unauthenticated Axyom Network Manager
Celery Flower - Unauthenticated Access
Cyber Power Systems - Unauthenticated
Unauthenticated Etherpad
Fastvue Dashboard Panel - Unauthenticated Detect
KubeCost - Unauthenticated Dashboard Exposure
Unauthenticated LDAP Account Manager
Unauthenticated Mautic Upgrade.php Exposure
Unauthenticated Mercurial Detect
OPcache control Panel - Unauthenticated Access
RedisInsight - Unauthenticated Access
Selenium Grid Console - Detect
Temporal Web UI - Unauthenticated Access
Wavlink Panel - Unauthenticated Access
Unauthenticated ZWave To MQTT Console
Alert Manager - Unauthenticated Access
Glances Unauthenticated Panel
Glowroot Anonymous User
Unauthenticated Lansweeper Instance
Mongo Express - Unauthenticated Access
Unauthenticated Netdata
Nginx Dashboard
Unauthenticated Popup File Upload - Detect
PRTG Traffic Grapher - Unauthenticated Access
Tensorflow Tensorboard - Unauthenticated Access
Varnish Unauthenticated Cache Purge
Zipkin Discovery
H3C Server - Unauthenticated Access
Plastic Admin Console - Authentication Bypass
Puppet Node Manager - Unauthorized Access
UniGUI Server Monitor Panel - Exposure
Untangle Exposed Admin Signup
APC UPC Multimon Status Page - Detect
V2X Control - Dashboard Exposure
Vercel Source Code Exposure
VerneMQ Status Page
ViewPoint System Status
default-wamp-server-page
WAMP Xdebug - Detect
Webalizer Statistics Information Disclosure
WebDAV Protocol - Detect
Whisparr Dashboard - Unauthenticated
postMessage - Cross-Site Scripting
Woodwing Studio Server - Git Config
Woodwing Studio Server - Phpinfo Config
WordPress User Registration Panel - Detect
XSS-Protection Header - Cross-Site Scripting
zabbix-dashboards-access
Zabbix Panel - Detect
Zenphoto Installation Sensitive Information
Zhiyuan Oa Unauthorized
osint
phishing
1password phishing Detection
adobe phishing Detection
aliexpress phishing Detection
Amazon phishing Detection
amazon web services phishing Detection
american-express phishing Detection
anydesk phishing Detection
avast phishing Detection
avg phishing Detection
Bank Of America phishing Detection
battlenet phishing Detection
best buy phishing Detection
bitdefender phishing Detection
bitwarden phishing Detection
blender phishing Detection
booking phishing Detection
box phishing Detection
brave phishing Detection
brighthr phishing Detection
ccleaner phishing Detection
Chase phishing Detection
chrome phishing Detection
costa phishing Detection
dashlane phishing Detection
deezer phishing Detection
deliveroo phishing Detection
digital ocean phishing Detection
Discord phishing Detection
disneyplus phishing Detection
dropbox phishing Detection
duckduckgo phishing Detection
ebay phishing Detection
edge phishing Detection
ee phishing Detection
eset phishing Detection
evernote phishing Detection
Facebook phishing Detection
figma phishing Detection
filezilla phishing Detection
firefox phishing Detection
gimp phishing Detection
github phishing Detection
Google phishing Detection
iCloud phishing Detection
instagram phishing Detection
kakao login phishing Detection
kaspersky phishing Detection
kayak phishing Detection
keepass phishing Detection
keepersecurity phishing Detection
keybase phishing Detection
lastpass phishing Detection
libre office phishing Detection
linkedin phishing Detection
malwarebytes phishing Detection
mcafee phishing Detection
mega phishing Detection
messenger phishing Detection
microcenter phishing Detection
Microsoft phishing Detection
microsoft teams phishing Detection
naver login phishing Detection
netflix phishing Detection
nordpass phishing Detection
norton phishing Detection
notion phishing Detection
o2 phishing Detection
openai phishing Detection
opera phishing Detection
paramountplus phishing Detection
Paypal phishing Detection
pcloud phishing Detection
pinterest phishing Detection
plusnet phishing Detection
proton phishing Detection
putty phishing Detection
python phishing Detection
quora phishing Detection
reddit phishing Detection
roblox phishing Detection
roboform phishing Detection
royal-mail phishing Detection
samsung phishing Detection
signal phishing Detection
sky phishing Detection
skype phishing Detection
skyscanner phishing Detection
slack phishing Detection
sophos phishing Detection
spotify phishing Detection
steam phishing Detection
sync storage phishing Detection
target phishing Detection
teamviewer phishing Detection
telegram phishing Detection
three phishing Detection
thunderbird phishing Detection
ticket master phishing Detection
tiktok phishing Detection
trading212 phishing Detection
trend micro phishing Detection
trip phishing Detection
Twitch phishing Detection
uber phishing Detection
visual studio code phishing Detection
vlc media phishing Detection
vodafone phishing Detection
vultr phishing Detection
walmart phishing Detection
wetransfer phishing Detection
Whatsapp phishing Detection
Wikipedia phishing Detection
winscp phishing Detection
Yahoo phishing Detection
zoom phishing Detection
user-enumeration
1001mem User Name Information - Detect
21buttons User Name Information - Detect
247sports User Name Information - Detect
3DNews User Name Information - Detect
3dtoday User Name Information - Detect
7cup User Name Information - Detect
7dach User Name Information - Detect
Aaha chat User Name Information - Detect
About.me User Name Information - Detect
ACF User Name Information - Detect
Admire me User Name Information - Detect
Adult Forum User Name Information - Detect
Adultism User Name Information - Detect
ADVFN User Name Information - Detect
Aflam User Name Information - Detect
Airline Pilot Life User Name Information - Detect
Airliners User Name Information - Detect
Akniga User Name Information - Detect
Albicla User Name Information - Detect
Alik User Name Information - Detect
Allesovercrypto User Name Information - Detect
Allmylinks User Name Information - Detect
Alloannonces User Name Information - Detect
AllTrails User Name Information - Detect
Ameblo User Name Information - Detect
AmericanThinker User Name Information - Detect
AnimePlanet User Name Information - Detect
ANobii User Name Information - Detect
Anonup User Name Information - Detect
Apex Legends User Name Information - Detect
Appian User Name Information - Detect
Apteka User Name Information - Detect
Archive Of Our Own Account User Name Information - Detect
Arduino User Name Information - Detect
ArmorGames User Name Information - Detect
ArtBreeder User Name Information - Detect
Artists & Clients User Name Information - Detect
ArtStation User Name Information - Detect
Asciinema User Name Information - Detect
Ask.fm User Name Information - Detect
Audiojungle User Name Information - Detect
Au.ru User Name Information - Detect
AuthorSTREAM User Name Information - Detect
Avid Community User Name Information - Detect
Babepedia User Name Information - Detect
BabyPips User Name Information - Detect
Bandcamp User Name Information - Detect
Bandlab User Name Information - Detect
Bblog ru User Name Information - Detect
BDSMLR User Name Information - Detect
Bdsmsingles User Name Information - Detect
Behance User Name Information - Detect
Bentbox User Name Information - Detect
BiggerPockets User Name Information - Detect
BIGO Live User Name Information - Detect
Bikemap User Name Information - Detect
Bimpos User Name Information - Detect
Biolink User Name Information - Detect
Bitbucket User Name Information - Detect
Bitchute User Name Information - Detect
Bitcoin forum User Name Information - Detect
Bittube User Name Information - Detect
BLIP.fm User Name Information - Detect
Blogger User Name Information - Detect
Blogi.pl User Name Information - Detect
Blogmarks User Name Information - Detect
Blogspot User Name Information - Detect
BodyBuilding.com User Name Information - Detect
Bonga cams User Name Information - Detect
Bookcrossing User Name Information - Detect
Boosty User Name Information - Detect
Booth User Name Information - Detect
Breach Forums User Name Information - Detect
Brickset User Name Information - Detect
Bugcrowd User Name Information - Detect
Bunpro User Name Information - Detect
Buymeacoffee User Name Information - Detect
BuzzFeed User Name Information - Detect
Buzznet User Name Information - Detect
Cafecito User Name Information - Detect
Cal User Name Information - Detect
Calendy User Name Information - Detect
Cameo User Name Information - Detect
Carbonmade User Name Information - Detect
Career.habr User Name Information - Detect
CaringBridge User Name Information - Detect
Carrd.co User Name Information - Detect
Cash.app User Name Information - Detect
CastingCallClub User Name Information - Detect
CD-Action User Name Information - Detect
Cda.pl User Name Information - Detect
Championat User Name Information - Detect
Chamsko User Name Information - Detect
Chaturbate User Name Information - Detect
CHEEZburger User Name Information - Detect
Chess.com User Name Information - Detect
Chomikuj.pl User Name Information - Detect
Chyoa User Name Information - Detect
Climatejustice.rocks (Mastodon Instance) User Name Information - Detect
Cloudflare User Name Information - Detect
Clubhouse User Name Information - Detect
Clusterdafrica User Name Information - Detect
Cnet User Name Information - Detect
Codeberg User Name Information - Detect
Codecademy User Name Information - Detect
Codeforces User Name Information - Detect
Codementor User Name Information - Detect
Coderwall User Name Information - Detect
Codewars User Name Information - Detect
Cohost User Name Information - Detect
COLOURlovers User Name Information - Detect
Contactos.sex User Name Information - Detect
Coroflot User Name Information - Detect
Couchsurfing User Name Information - Detect
Cowboys4angels User Name Information - Detect
Cracked User Name Information - Detect
Cracked io User Name Information - Detect
Crevado User Name Information - Detect
Crowdin User Name Information - Detect
CTFLearn User Name Information - Detect
Cults3D User Name Information - Detect
Curiouscat User Name Information - Detect
Cytoid User Name Information - Detect
Dailymotion User Name Information - Detect
Darudar User Name Information - Detect
Dateinasia User Name Information - Detect
Datezone User Name Information - Detect
Dating.ru User Name Information - Detect
Demotywatory User Name Information - Detect
Depop User Name Information - Detect
Designspriation User Name Information - Detect
Destructoid User Name Information - Detect
DeviantArt User Name Information - Detect
DevRant User Name Information - Detect
Dev.to User Name Information - Detect
Dfgames User Name Information - Detect
Diablo User Name Information - Detect
DIBIZ User Name Information - Detect
Digitalspy User Name Information - Detect
Diigo User Name Information - Detect
Disabled.rocks (Mastodon Instance) User Name Information - Detect
Discogs User Name Information - Detect
Discourse User Name Information - Detect
Discuss.elastic.co User Name Information - Detect
Discuss.social (Mastodon Instance) User Name Information - Detect
Disqus User Name Information - Detect
Dissenter User Name Information - Detect
DockerHub User Name Information - Detect
Dojoverse User Name Information - Detect
Donation Alerts User Name Information - Detect
Dot.cards User Name Information - Detect
Dribbble User Name Information - Detect
Droners User Name Information - Detect
Drum User Name Information - Detect
Duolingo User Name Information - Detect
Easyen User Name Information - Detect
EBay User Name Information - Detect
Ebay stores User Name Information - Detect
Ello.co User Name Information - Detect
Engadget User Name Information - Detect
EPORNER User Name Information - Detect
EToro User Name Information - Detect
Etsy User Name Information - Detect
Expressional.social (Mastodon Instance) User Name Information - Detect
ExtraLunchMoney User Name Information - Detect
Eyeem User Name Information - Detect
F3 User Name Information - Detect
Fabswingers User Name Information - Detect
Facebook Page Name Information - Detect
Faktopedia User Name Information - Detect
FanCentro User Name Information - Detect
Fandalism User Name Information - Detect
Fandom User Name Information - Detect
Fanpop User Name Information - Detect
Fansly User Name Information - Detect
Fark User Name Information - Detect
Farkascity User Name Information - Detect
FatSecret User Name Information - Detect
Fcv User Name Information - Detect
Federated.press (Mastodon Instance) User Name Information - Detect
Figma User Name Information - Detect
Filmweb User Name Information - Detect
Fine art america User Name Information - Detect
Fiverr User Name Information - Detect
Flickr User Name Information - Detect
Flipboard User Name Information - Detect
Flowcode User Name Information - Detect
Fodors Forum User Name Information - Detect
Fortnite Tracker User Name Information - Detect
Forumprawne.org User Name Information - Detect
Fosstodon.org (Mastodon Instance) User Name Information - Detect
Fotka User Name Information - Detect
Foursquare User Name Information - Detect
Freelancer User Name Information - Detect
Freesound User Name Information - Detect
FriendFinder User Name Information - Detect
FriendFinder-X User Name Information - Detect
Friendweb User Name Information - Detect
FurAffinity User Name Information - Detect
Furiffic User Name Information - Detect
Gab User Name Information - Detect
Game debate User Name Information - Detect
Gamespot User Name Information - Detect
Garmin connect User Name Information - Detect
Geocaching User Name Information - Detect
Getmonero User Name Information - Detect
Gettr User Name Information - Detect
Gfycat User Name Information - Detect
Gigapan User Name Information - Detect
Giphy User Name Information - Detect
Girlfriendsmeet User Name Information - Detect
Gist User Name Information - Detect
Gitea User Name Information - Detect
Gitee User Name Information - Detect
Giters User Name Information - Detect
GitHub User Name Information - Detect
GitLab User Name Information - Detect
Gloria.tv User Name Information - Detect
Gnome extensions User Name Information - Detect
Gpodder.net User Name Information - Detect
Grandprof User Name Information - Detect
Graphics.social (Mastodon Instance) User Name Information - Detect
Gravatar User Name Information - Detect
Gumroad User Name Information - Detect
Hackaday User Name Information - Detect
Hackenproof User Name Information - Detect
Hacker News User Name Information - Detect
Hackerearth User Name Information - Detect
Hackernoon User Name Information - Detect
HackerOne User Name Information - Detect
HackerRank User Name Information - Detect
Hackster User Name Information - Detect
Hamaha User Name Information - Detect
Hanime User Name Information - Detect
Hashnode User Name Information - Detect
Hcommons.social (Mastodon Instance) User Name Information - Detect
Heylink User Name Information - Detect
Hiberworld User Name Information - Detect
HiHello User Name Information - Detect
Historians.social (Mastodon Instance) User Name Information - Detect
HomeDesign3D User Name Information - Detect
Hometech.social (Mastodon Instance) User Name Information - Detect
Hoo.be User Name Information - Detect
Hostux.social (Mastodon Instance) User Name Information - Detect
Houzz User Name Information - Detect
HubPages User Name Information - Detect
Hubski User Name Information - Detect
Hugging face User Name Information - Detect
Iconfinder User Name Information - Detect
Icq-chat User Name Information - Detect
IFTTT User Name Information - Detect
Ifunny User Name Information - Detect
Igromania User Name Information - Detect
Ilovegrowingmarijuana User Name Information - Detect
Imagefap User Name Information - Detect
ImageShack User Name Information - Detect
ImgBB User Name Information - Detect
IMGSRC.RU User Name Information - Detect
Imgur User Name Information - Detect
Inaturalist User Name Information - Detect
Independent academia User Name Information - Detect
InkBunny User Name Information - Detect
InsaneJournal User Name Information - Detect
Instagram User Name Information - Detect
Instructables User Name Information - Detect
Internet Archive Account User Name Information - Detect
Internet Archive User Search User Name Information - Detect
Interpals User Name Information - Detect
Intigriti User Name Information - Detect
IsMyGirl User Name Information - Detect
Issuu User Name Information - Detect
Itch.io User Name Information - Detect
Japandict User Name Information - Detect
JBZD User Name Information - Detect
Jeja.pl User Name Information - Detect
Jeuxvideo User Name Information - Detect
Joe Monster User Name Information - Detect
JSFiddle User Name Information - Detect
Justforfans User Name Information - Detect
Kaggle User Name Information - Detect
Karab.in User Name Information - Detect
Keybase User Name Information - Detect
Kickstarter User Name Information - Detect
Kik User Name Information - Detect
Kipin User Name Information - Detect
KnowYourMeme User Name Information - Detect
Ko-Fi User Name Information - Detect
Kongregate User Name Information - Detect
Kotburger User Name Information - Detect
Kwejk.pl User Name Information - Detect
LibraryThing User Name Information - Detect
Libretooth.gr (Mastodon Instance) User Name Information - Detect
Lichess User Name Information - Detect
Likeevideo User Name Information - Detect
LINE User Name Information - Detect
Linktree User Name Information - Detect
Linux.org.ru User Name Information - Detect
Litmind.club (Mastodon Instance) User Name Information - Detect
Livejournal User Name Information - Detect
Livemaster.ru User Name Information - Detect
Lobste.rs User Name Information - Detect
Lor.sh (Mastodon Instance) User Name Information - Detect
Love ru User Name Information - Detect
Lowcygier.pl User Name Information - Detect
MAGA-CHAT User Name Information - Detect
MAGABOOK User Name Information - Detect
Magix User Name Information - Detect
The Mail Archive Information
MANYVIDS User Name Information - Detect
MapMyTracks User Name Information - Detect
Mapstodon.space (Mastodon Instance) User Name Information - Detect
Maroc nl User Name Information - Detect
Marshmallow User Name Information - Detect
Martech User Name Information - Detect
Massage Anywhere User Name Information - Detect
Masto.ai User Name Information - Detect
Mastodon-101010.pl User Name Information - Detect
Mastodon-API User Name Information - Detect
Mastodon-Chaos.social User Name Information - Detect
Mastodon-climatejustice.rocks User Name Information - Detect
Mastodon-counter.social User Name Information - Detect
Mastodon-Defcon User Name Information - Detect
Mastodon-EU Voice User Name Information - Detect
Mastodon-mastodon User Name Information - Detect
Mastodon-meow.social User Name Information - Detect
Mastodon-mstdn.io User Name Information - Detect
Mastodon-pol.social User Name Information - Detect
Mastodon-rigcz.club User Name Information - Detect
Mastodon-social tchncs User Name Information - Detect
Mastodon-tfl.net.pl User Name Information - Detect
Mastodon-Toot.Community User Name Information - Detect
Mastodonbooks.net (Mastodon Instance) User Name Information - Detect
Mastodon.chasedem.dev (Mastodon Instance) User Name Information - Detect
Mastodon.online User Name Information - Detect
Masto.nyc (Mastodon Instance) User Name Information - Detect
Mas.town (Mastodon Instance) User Name Information - Detect
MCName (Minecraft) User Name Information - Detect
MCUUID (Minecraft) User Name Information - Detect
Mediakits User Name Information - Detect
Medium User Name Information - Detect
Medyczka.pl User Name Information - Detect
Meet me User Name Information - Detect
Megamodels.pl User Name Information - Detect
Memrise User Name Information - Detect
Message me User Name Information - Detect
Metacritic User Name Information - Detect
Microsoft Technet Community User Name Information - Detect
Minds User Name Information - Detect
Minecraft List User Name Information - Detect
Mintme User Name Information - Detect
Mistrzowie User Name Information - Detect
Mix User Name Information - Detect
Mixi User Name Information - Detect
Mixlr User Name Information - Detect
Mmorpg User Name Information - Detect
Mod DB User Name Information - Detect
Moneysavingexpert User Name Information - Detect
Motokiller User Name Information - Detect
Moxfield User Name Information - Detect
Muck Rack User Name Information - Detect
Musician.social (Mastodon Instance) User Name Information - Detect
Musictraveler User Name Information - Detect
My instants User Name Information - Detect
MyAnimeList User Name Information - Detect
MyBuilder.com User Name Information - Detect
MyFitnessPal Author User Name Information - Detect
MyFitnessPal Community User Name Information - Detect
MyLot User Name Information - Detect
Mym.fans User Name Information - Detect
Myportfolio User Name Information - Detect
MySpace User Name Information - Detect
Myspreadshop User Name Information - Detect
Naija planet User Name Information - Detect
Nairaland User Name Information - Detect
NaturalNews User Name Information - Detect
Naver User Name Information - Detect
Netvibes User Name Information - Detect
Newgrounds User Name Information - Detect
Newmeet User Name Information - Detect
Nihbuatjajan User Name Information - Detect
Nitecrew (Mastodon Instance) User Name Information - Detect
Nnru User Name Information - Detect
NotABug User Name Information - Detect
Note User Name Information - Detect
NPMjs User Name Information - Detect
Oglaszamy24h.pl User Name Information - Detect
Ogu.gg User Name Information - Detect
Okidoki User Name Information - Detect
Ok.ru User Name Information - Detect
Olx User Name Information - Detect
Omlet User Name Information - Detect
Opencollective User Name Information - Detect
Opensource User Name Information - Detect
OpenStreetMap User Name Information - Detect
OPGG User Name Information - Detect
Orbys User Name Information - Detect
Osu! User Name Information - Detect
Our Freedom Book User Name Information - Detect
Ow.ly User Name Information - Detect
Palnet User Name Information - Detect
Parler User Name Information - Detect
Parler archived posts User Name Information - Detect
Parler archived profile User Name Information - Detect
Pastebin User Name Information - Detect
Patch User Name Information - Detect
PatientsLikeMe User Name Information - Detect
Patreon User Name Information - Detect
Patriots Win User Name Information - Detect
Patronite User Name Information - Detect
Paypal User Name Information - Detect
PCGamer User Name Information - Detect
PCPartPicker User Name Information - Detect
Peing User Name Information - Detect
Periscope User Name Information - Detect
Pettingzoo.co (Mastodon Instance) User Name Information - Detect
Pewex User Name Information - Detect
Picsart User Name Information - Detect
Piekielni User Name Information - Detect
Pikabu User Name Information - Detect
Pillowfort User Name Information - Detect
PinkBike User Name Information - Detect
Pinterest User Name Information - Detect
Piratebay Username Information - Detect
Pixelfed.social User Name Information - Detect
Platzi service User Name Information - Detect
Playstation Network User Name Information - Detect
Plurk User Name Information - Detect
Pokec User Name Information - Detect
Pokemonshowdown User Name Information - Detect
Pokerstrategy User Name Information - Detect
Polchat.pl User Name Information - Detect
Policja2009 User Name Information - Detect
Poll Everywhere User Name Information - Detect
Polygon User Name Information - Detect
Polywork User Name Information - Detect
Popl User Name Information - Detect
Pornhub Porn Stars User Name Information - Detect
Pornhub Users User Name Information - Detect
Poshmark User Name Information - Detect
Postcrossing User Name Information - Detect
Postnews User Name Information - Detect
Poweredbygay.social (Mastodon Instance) User Name Information - Detect
Producthunt User Name Information - Detect
Promodj User Name Information - Detect
Pronouns.Page User Name Information - Detect
Pronouny User Name Information - Detect
Prose User Name Information - Detect
Prv.pl User Name Information - Detect
Psstaudio User Name Information - Detect
Public User Name Information - Detect
Pypi User Name Information - Detect
QUEER User Name Information - Detect
Quitter.pl User Name Information - Detect
Quora User Name Information - Detect
Raddle.me User Name Information - Detect
Rant.li User Name Information - Detect
ReblogMe User Name Information - Detect
Redbubble User Name Information - Detect
Reddit User Name Information - Detect
REDGIFS User Name Information - Detect
Refsheet User Name Information - Detect
Researchgate User Name Information - Detect
Resumes actorsaccess User Name Information - Detect
Revolut User Name Information - Detect
Risk.ru User Name Information - Detect
Roblox User Name Information - Detect
Rsi User Name Information - Detect
Ru 123rf User Name Information - Detect
RubyGems User Name Information - Detect
RumbleChannel User Name Information - Detect
RumbleUser User Name Information - Detect
Salon24 User Name Information - Detect
SaraCarterShow User Name Information - Detect
ScoutWiki User Name Information - Detect
Scratch User Name Information - Detect
Secure donation User Name Information - Detect
Seneporno User Name Information - Detect
Sentimente User Name Information - Detect
SEOClerks User Name Information - Detect
Setlist.fm User Name Information - Detect
Sexworker User Name Information - Detect
SFD User Name Information - Detect
Shanii Writes User Name Information - Detect
Shesfreaky User Name Information - Detect
Shopify User Name Information - Detect
Shutterstock User Name Information - Detect
Skeb User Name Information - Detect
Skill Share User Name Information - Detect
Skyrock User Name Information - Detect
SlackHoles User Name Information - Detect
Slant User Name Information - Detect
Slides User Name Information - Detect
Slideshare User Name Information - Detect
SmashRun User Name Information - Detect
Smelsy User Name Information - Detect
SmugMug User Name Information - Detect
Smule User Name Information - Detect
Snapchat User Name Information - Detect
Snapchat Stories User Name Information - Detect
Snipfeed User Name Information - Detect
Soc.citizen4.eu User Name Information - Detect
Social msdn User Name Information - Detect
Social.bund.de User Name Information - Detect
Sofurry User Name Information - Detect
SoliKick User Name Information - Detect
Soloby User Name Information - Detect
Solo.to User Name Information - Detect
SoundCloud User Name Information - Detect
Soup User Name Information - Detect
Sourceforge User Name Information - Detect
Speaker Deck User Name Information - Detect
Speedrun User Name Information - Detect
SpiceWorks User Name Information - Detect
Sporcle User Name Information - Detect
Spotify User Name Information - Detect
StackOverflow User Name Information - Detect
Steam User Name Information - Detect
Steemit User Name Information - Detect
Steller User Name Information - Detect
Stoners.social (Mastodon Instance) User Name Information - Detect
StoryCorps User Name Information - Detect
StreamElements User Name Information - Detect
StreamLabs User Name Information - Detect
Stripchat User Name Information - Detect
Subscribestar User Name Information - Detect
substack.com User Name Information - Detect
Sukebei.nyaa.si User Name Information - Detect
Suzuri User Name Information - Detect
Szmer.info User Name Information - Detect
Tabletoptournament User Name Information - Detect
Tagged User Name Information - Detect
TamTam User Name Information - Detect
Tanuki.pl User Name Information - Detect
TAPiTAG User Name Information - Detect
Tappy User Name Information - Detect
Taringa User Name Information - Detect
Taskrabbit User Name Information - Detect
Teamtreehouse User Name Information - Detect
Teddygirls User Name Information - Detect
Teespring User Name Information - Detect
Teknik User Name Information - Detect
Telegram User Name Information - Detect
Tellonym User Name Information - Detect
Tenor User Name Information - Detect
TF2 Backpack Examiner User Name Information - Detect
Thegatewaypundit User Name Information - Detect
Theguardian User Name Information - Detect
Themeforest User Name Information - Detect
Thetattooforum User Name Information - Detect
Threads User Name Information - Detect
TikTok User Name Information - Detect
Tilde.zone (Mastodon Instance) User Name Information - Detect
Tinder User Name Information - Detect
TMDB User Name Information - Detect
Tooting.ch (Mastodon Instance) User Name Information - Detect
TotalWar User Name Information - Detect
Toyhou.se User Name Information - Detect
TrackmaniaLadder User Name Information - Detect
Tradingview User Name Information - Detect
Trakt User Name Information - Detect
Trello User Name Information - Detect
Tripadvisor User Name Information - Detect
Truth Social User Name Information - Detect
TryHackMe User Name Information - Detect
Tumblr User Name Information - Detect
Tunefind User Name Information - Detect
Twitcasting User Name Information - Detect
Twitch User Name Information - Detect
Twitter User Name Information - Detect
Twitter archived profile User Name Information - Detect
Twitter archived tweets User Name Information - Detect
Twpro User Name Information - Detect
Ubisoft User Name Information - Detect
Udemy User Name Information - Detect
Uefconnect User Name Information - Detect
Uid User Name Information - Detect
Uiuxdev.social (Mastodon Instance) User Name Information - Detect
Ultras Diary User Name Information - Detect
Ulub.pl User Name Information - Detect
Unsplash User Name Information - Detect
Untappd User Name Information - Detect
USA Life User Name Information - Detect
Utip.io User Name Information - Detect
Uwu.ai User Name Information - Detect
Uwumarket User Name Information - Detect
Vampr User Name Information - Detect
Venmo User Name Information - Detect
Vero User Name Information - Detect
Vibilagare User Name Information - Detect
Viddler User Name Information - Detect
Vimeo User Name Information - Detect
Vine User Name Information - Detect
VIP-blog User Name Information - Detect
Virustotal User Name Information - Detect
Visnesscard User Name Information - Detect
Vivino User Name Information - Detect
VK User Name Information - Detect
Vkl.world (Mastodon Instance) User Name Information - Detect
Vmst.io (Mastodon Instance) User Name Information - Detect
Voice123 User Name Information - Detect
Voices.com User Name Information - Detect
Vsco User Name Information - Detect
Wanelo User Name Information - Detect
Warriorforum User Name Information - Detect
Watchmemore.com User Name Information - Detect
Watchmyfeed User Name Information - Detect
Wattpad User Name Information - Detect
Weasyl User Name Information - Detect
Weebly User Name Information - Detect
Wego User Name Information - Detect
Weheartit User Name Information - Detect
Weibo User Name Information - Detect
WeTransfer User Name Information - Detect
Wikidot User Name Information - Detect
Wikipedia User Name Information - Detect
Wimkin-PublicProfile User Name Information - Detect
Wireclub User Name Information - Detect
Wishlistr User Name Information - Detect
Wolni Słowianie User Name Information - Detect
Wordnik User Name Information - Detect
WordPress User Name Information - Detect
WordPress Support User Name Information - Detect
Wowhead User Name Information - Detect
Wykop User Name Information - Detect
Xanga User Name Information - Detect
Xbox Gamertag User Name Information - Detect
XHamster User Name Information - Detect
Xing User Name Information - Detect
XVIDEOS-models User Name Information - Detect
XVIDEOS-profiles User Name Information - Detect
Yahoo! JAPAN Auction User Name Information - Detect
Yapishu User Name Information - Detect
Yazawaj User Name Information - Detect
Yelp User Name Information - Detect
Yeswehack User Name Information - Detect
Youpic User Name Information - Detect
YouTube User Name Information - Detect
Zatrybi.pl User Name Information - Detect
Zbiornik User Name Information - Detect
Zhihu User Name Information - Detect
Zillow User Name Information - Detect
Zmarsa.com User Name Information - Detect
Zomato User Name Information - Detect
Zoomitir User Name Information - Detect
takeovers
Aftership - Subdomain Takeover Detection
AgileCRM Takeover Detection
Aha - Subdomain Takeover Detection
Airee Takeover Detection
Anima Takeover Detection
Announcekit Takeover Detection
AWS Bucket Takeover Detection
Bigcartel Takeover Detection
Bitbucket Takeover Detection
CampaignMonitor Takeover Detection
Canny Takeover Detection
cargo takeover detection
CargoCollective Takeover Detection
Clever Cloud - Subdomain Takeover Detection
Flexbe Subdomain Takeover
frontify takeover detection
Gemfury Takeover Detection
Getresponse Takeover Detection
ghost takeover detection
gitbook takeover detection
Github Takeover Detection
GoHire Takeover Detection
Hatenablog Takeover Detection
HelpDocs Takeover Detection
helpjuice takeover detection
Helprace Takeover Detection
helpscout takeover detection
hubspot takeover detection
Intercom Takeover Detection
jazzhr takeover detection
Jetbrains Takeover Detection
kinsta takeover detection
Launchrock Takeover Detection
Leadpages takeover detection
Lemlist - Subdomain Takeover Detection
mashery takeover detection
Meteor subdomain takeover
netlify takeover detection
Ngrok Takeover Detection
Pagewiz subdomain takeover
Pantheon Takeover Detection
Pingdom Takeover Detection
proposify takeover detection
Readme.io Takeover Detection
Read the Docs Takeover Detection
shopify takeover detection
Short.io takeover detection
simplebooklet takeover detection
Smartjob Takeover Detection
Smugmug Takeover Detection
Softr.io Takeover Detection
Sprintful Takeover
Squadcast Takeover Detection
Strikingly Takeover Detection
surge takeover detection
surveygizmo takeover detection
SurveySparrow takeover detection
tave takeover detection
Teamwork Takeover Detection
tilda takeover detection
tumblr takeover detection
Uberflip Takeover Detection
Uptime Takeover Detection
uptimerobot takeover detection
Uservoice Takeover Detection
vend takeover detection
wasabi Bucket Takeover - Detection
Wishpond Takeover Detection
Wix Takeover Detection
WordPress takeover detection
Worksites Takeover Detection
wufoo takeover detection
Zendesk Takeover Detection
technologies
4D Detection
Detect Abyss Web Server
Accellion - Detect
AContent Detect
activecollab detect
ADFS Detect
AdmiralCloud - Detect
adobe
Adobe ColdFusion Detector
Adobe ColdFusion Detector
AEM Finder
Favicon based AEM Detection
AeroCMS Detect
Airtame Device Detect
akamai
Akamai Bot Manager Protection - Detect
Akamai Cache Detection
akamai cdn detection
Amazon ECS Sample App Default Page - Detect
Ambassador Edge Stack - Detect
Angular detect
Ansible AWX Detection
apache
Apache Airflow
Apache Allura - Detection
Apache Answer - Detection
apache-axis-detect
Apache CloudStack - Detect
Apache Cocoon detect
Apache Detection
Apache dubbo detect
Apache Gravitino - Detect
Apache Guacamole Login Page and version detection
Apache Hertzbeat - Detect
Apache JSPWiki - Detect
Apache Karaf Detect
Apache OFBiz - Detect
Apache Ozone - Detect
Apache Pinot - Detect
Apache Shenyu Gateway Management System - Detect
Apache StreamPipes - Detect
Apache Tapestry Framework detect
Apache Zeppelin detect
Apache HTTP Server Test Page
Apache HTTP Server Test Page
Apache2 Default Test Page
Apache2 Ubuntu Default Page
Kafka Manager Panel
Apache Ranger Detection
Tomcat Detection
XAMPP Default Page
Apollo Server GraphQL Introspection - Detect
AppCms Detect
Apple HttpServer Detect
Aqua Enterprise Detect
ArcGIS - Detect
ArcGIS Exposed REST API documentation
ArcGIS Token Service - Detect
Artica Web Proxy Detect
Atlassian Connect Descriptor - Detect
Attu - Detect
Autobahn-Python Webserver Detect
Avideo Detect
aws
Amazon EC2 Server Detect
Detect websites using AWS bucket storage
AWS Cloudfront service detection
AWS Service - Detect
AWS Elastic Beanstalk Detect
Detect Azure Kubernetes Service
B2BBuilder Detect
Bamboo - Detection
Basic Auth Detection
Besu JSON-RPC HTTP Server - Detect
BigBlueButton Detect
BIGIP APM - Detect
BIG-IP Configuration Utility detected
BIGIP - Detection
Blazor WebAssembly - Detect
Boa Web Server - Detect
Burp Rest API Server Running
Burp Collaborator Server - Detect
Caobox CMS - Detect
CARESTREAM Vue Motion Detector
CasaOS Detection
CATALOGcreator Page Login Panel - Detect
Celebrus - Detect
Check Point Mobile SSL VPN - Detect
Chevereto detect
Cisco ASA - Detect
Citrix Hypervisor Page Detection
Citrix XenMobile Version - Detect
Cleo Technology - Detect
Cloudflare Nginx Detect
Cloudfoundry Detect
Cobbler Version Detection
Detect Agentejo Cockpit
Coming Soon Page Detect
Confluence Detection
ConnectWise Control Detect
Couchbase Sync Gateway
CouchDB - Detect
Cowboy - Detect
Craft CMS Detect
CrafterCMS - Detect
OWASP CSRFGuard 3.x/4.x - Detect
CUPS - Detect
CVSweb - Detect
Dash Panel Detect
DedeCMS Detect
Amazon Cognito Developer Authentication Sample - Detect
Default Apache Miracle Linux Web Server Page
Apache Shiro Default Page
ASP.Net Test Page
CakePHP Default Page
CentOs-WebPanel Test Page
Default CodeIgniter Page
Default Web Application Detection
Django Default Page
Fastcgi Default Test Page
Fedora Default Test Page
GlassFish Server Default Page
Jetty Default Page
lighttpd Default Page
Lighttpd Placeholder Page
Lucee Default Page
Movable Default Page
OpenResty Default Page
Azure Container Instance Default Page
Default Parallels Plesk Panel Page
Payara Server Default Page
Plesk Default Test Page
Red Hat Enterprise Linux Test Page
RunCloud Default Page
Sitecore Default Page - Detect
SSL/TLS-aware Test Page
Symfony Default Page
Tengine Default Page
WebSphere Liberty Default Page
dell
Dell DPI Remote Power Management - Detect
Detect Dell iDRAC6
Detect Dell iDRAC7
Detect Dell iDRAC8
Detect Dell iDRAC9
Detect Sentry Instance
DevExpress - Detect
Directus - Detect
dizqueTV - Detect
Domibus - Detect
DreamBox Detect
Drupal - Detect
DUFS - Detect
DWR detect test page detection
Ecology Detection
eG Manager Detect
Elasticsearch - SQL Client Detection
Element Web - Detect
elFinder - Install Detection
elFinder 2.1.58 - Remote Code Execution
EmpireCMS Detect
Emqx Detection
Erigon JSON-RPC HTTP Server - Detect
Erxes Detect
Express Default Page
EyesOfNetwork Detect
FanRuanOA-detect
FanRuanOA2012-detect
Fastjson Version Detection
favicon-detection
FingerprintHub Technology Fingerprint
Flutter Web Application - Detect
Frappe Framework - Detect
Froxlor Detect
Gabia Server - Detection
GeoWebServer Detector Panel - Detect
Go Ethereum JSON-RPC HTTP Server - Detect
GetSimple CMS Detection
GilaCMS Detect
GitBook Detect
Gitea Detect
GLPI Status Page - Detect
Gnuboard CMS - Detect
Goliath Detection
google
Google Chromecast - Detect
Google Cloud Run Default Page
firebase detect
Google Firebase DB URL Finder
Detect websites using Google bucket storage
Google Bucket detection
Google frontend HttpServer
GotWeb Detect
Gradio - Detect
GraphiQL Detect
GraphQL API Detection
Grav CMS Detect
graylog
Graylog REST API Endpoints - Exposure
Detect Graylog REST API
Detect Gunicorn Server
hanwang-detect
Harbor Detect
HashiCorp Boundary Detect
HashiCorp Vault Detect
HCP Anywhere - Detect
Detect websites using Herokuapp endpoints
Hetzner Cloud Detect
Hikvision Panel
Honeypot Detection
HP BladeSystem Onboard Administrator Panel - Detector
HP Media Vault Detect
Hubble - Detect
Hue Personal Wireless Lighting - Detect
HugeGraph - Detect
Hugo Detect
ibm
IBM API Connect Developer Portal - Detect
IBM Decision Runner - Detect
IBM Decision Server Runtime Panel- Detect
Default IBM HTTP Server
IBM Operational Decision Manager - Detect
IBM Sterling File Gateway Detect
Icecast Streaming Media Server Information Panel - Detect
Icecast Streaming Media Server Detection
Identity Server V3 - Detect
HP iLO
Imgproxy Detect
ImpressCMS Detect
InfluxDB Version Information - Detect
Interactsh Server
Intercom widget detection
Iparapheur - Detect
Detect iPlanet Webserver Detection
iSpyConnect - Detect
ivanti
Ivanti Endpoint Manager - Detect
Ivanti Endpoint Manager (EPM) - Detect
JBoss detected
Jeecg-Boot Detect
Jellyfin detected
Jenkins Detection
JHipster Detect
Jira Detect
Jira Rest API Server Information
Jitsi Meet Page Detect
Jolokia Detection
Joomla! Detect
JavaServer Faces Detection
Json Server
Jspxcms Detect
JWay Products - Detect
Khoj - Detect
Kingsoft Web Server Detect
KodExplorer-detect
Detect Kong
kubernetes
etcd
Etcd Version - Detect
kube-api
Kube API Deployments
Kube API Namespaces
Kube API Nodes
Kube API Pods
Kube API Secrets
Kube API Services
Kube API Version
kubelet
Kubelet Healthz
Kubelet Metrics
Kubelet Scan
Kubelet Running Pods
Kubelet Stats
Kubernetes Version Exposure
Kubernetes Operational View Detect
landesk
LANDESK(R) Cloud Services Appliance Detect
LANDESK(R) Management Agent Detect
Lexmark Device Detect
LimeSurvey Survey Software - Detect
Linkerd detection via bad rule
Live Helper Chat Detect
LobeChat - Detect
LocalAI - Detect
LoLLMS WebUI - Detect
Lotus Domino Version Extractor
Detect Lucee
Lucy Security Admin Panel
Magento Detect
Magento End-of-life Detect
Magento Version Detect
MAGMI (Magento Mass Importer) Plugin Detect
Maian Cart Detection
Mapproxy - Detect
Matrix Server Detect
Matrix Homeserver - Version Detection
Meilisearch - Detect
Metatag CMS Detection
Micro Focus iPrint Appliance - Detect
microsoft
AspNet Version Disclosure - Detect
AspNetMvc Version - Detect
Azure Function App - Default Page
IIS-7 Default Page
Microsoft Azure Default Page
IIS Windows Server Default Page
Microsoft IIS version detect
Microsoft SharePoint Detect
Microsoft Exchange Server Detect
PowerBI Report Server - Detect
Detect Microsoft SQL Server Reporting
Microsoft Internet Information Services 8
MicroStrategy Instances Detection Template
Microweber Detect
MikroTik httpproxy
Milvus - Detect
Mirth Connect Admin Panel - Detect
MoinMoin wiki detect
Mojoportal - Detect
Mongoose Server
MonstraCMS Detection
Moveit File Transfer - Detect
Detect MRTG
Nacos - Detect
Neo4j Neodash - Detect
Neos CMS detection
Nethermind JSON-RPC HTTP Server - Detect
Netsweeper WebAdmin - Detect
NextChat - Detect
Nextcloud Detect
Owncloud StatusPage detection
Nexus Repository Manager (NRM) Instance Detection Template
nginx
Nginx Default Test Page
Nginx HTTP Server Amazon Linux
Nginx version detect
Apache NiFi detect
NimPlant C2 Server - Detect
Nimsoft Wasp Detection
Node-RED Dashboard - Detect
Notion Detect
nPerf Server - Detect
Ntop Detect Panel - Detect
OAuth 2.0 Authorization Server Detection Template
OctoberCMS detect
Detect OpenID Connect provider
Olivetti CRF Detect
Omni Commerce Connect (OCC) Rest APIs
OneBlog Detect
Open Journal Systems Detect
Open Virtualization Manager Detection
OpenAI Plugin Detection
OpenEthereum JSON-RPC HTTP Server Detect
OpenHAP Detection
OpenProject - Detect
OpenResty detection
Openssl Detect
Operations Automation Default Page
Oqtane CMS Database - Detect
oracle
Oracle Application Server Containers
Oracle Access Manager Detect
Oracle ATG Commerce Panel - Detect
Oracle DBaaS Monitor Detect
Oracle Database as a Service
Detect Oracle-iPlanet-Web-Server
Oracle WebCenter Sites
Oracle Fusion Middleware - Detect
Oracle HTTPServer12c
Orbit Telephone System - Detect
OSQuery Fleet Detection Panel - Detect
OWASP Juice Shop
Pagespeed Detection
Payara Micro Detect
PbootCMS Detect
Pega Infinity Detection
Pexip - Detect
PgHero - Detect
PHP Detect
PHP Fusion Detect
PHP Proxy Detect
phpList - Detect
PhpPgAdmin Version Information - Detect
Pi-hole Login Panel - Detect
Piwigo Detect
Plone CMS detect
Pomerium Detect
PrestaShop Tech Detection
PrivateBin - Detect
ProjectSend Login Panel - Detect
Detect PRTG
Puppet Node Manager
PuppetDB Detection
Puppetserver Detection
PyPI Server Detect
REDCap detector
Detect Redmine CLI Configuration File
Rhymix CMS Detect
Rosariosis Detect
Roundcube webmail
Advantech R-SeeNet Detection
RSSHub Detect
Detect Amazon-S3 Bucket
Salesforce B2C Commerce WebDAV - Detection
Samsung SmartTV Debug Config
sap
SAP Internet Graphics Server (IGS) Detection
SAP NetWeaver ICM - Detect
SAP NetWeaver WebGUI Detection
SAP Web Dispatcher detection
SAP Web Dispatcher admin portal detection
SAP Spartacus detect
SCEditor Detect
SearXNG - Detect
SECUI WAF Panel - Detect
Sekolahku CMS - Detect
ShareFile Storage Server - Detect
Shibboleth SSO Detect
Detect Shiro Framework
Shopizer Detection
Shopware CMS detect
Silverback MDM - Detection
SimpleSAMLphp - Detect
Sitecore CMS - Detect
Sitecore version detection
Slims CMS - Detect
SmartStore Detect
SMTP2GO Detect
Snipe-IT Panel - Detect
SOGo Detect
SonicWall Email Security Panel - Detect
Spark Lighter Detection
Spinnaker Detect
SPIP - Detect
Splash - Detect
Splunk HEC - Detect
Java Spring Detection
Detect Springboot Actuators
SpringBoot WhiteLabel Error Page - Detect
Statamic - Detect
Stirling PDF - Detect
Strapi CMS detect
Subrion CMS Detect
Sucuri Website Firewall - Not Configured
Swag Instance Default Page Panel - Detect
Switching Protocol Detection
Synology Web Station Page - Detect
Detect Tableau Server
Wappalyzer Technology Detection
telerik
Detect Telerik Web UI Dialog Handler
Detect Telerik Web UI Fileupload Handler
Teradici PCoIP Detection
Detect Terraform Provider
ThinkCMF Panel - Detect
ThinkPHP - Detect
TIBCO BusinessConnect - Detect
TIBCO Spotfire Statistics Services - Detect
TileServer GL Page - Detect
Tinyproxy - Detect
Detect tor SOCKS proxy
TorchServe API Description - Detect
Tornado Server Panel - Detect
Twenty - Detect
Tyk API Gateway - Detection
TYPO3 Detection
UniGUI Framework - Detect
Utility Services Administration - Detect
vBulletin Detect
versa
Versa Analytics Server Detection
Versa Director API Endpoint Detection
Versa Networks Detection
Versa FlexVNF Server
VertiGIS - Detect
VIVOTEK Web Console Detect
vmware
VMware Detection
Vmware Horizon Version Detect
VMware Site Recovery Manager Panel - Detect
VMware vRealize
WAF Detection
Web FTP Detection
Web Suite Detect
Detect Weblogic
Werkzeug debugger console
Wiki.js - Detect
Windows Communication Foundation - Detect
Wing FTP Service - Detect
Windows Remote Management - Detection
Wms-Server detect
WonderCMS Detect
wordpress
plugins
Ad Inserter – Ad Manager & AdSense Ads Detection
AddToAny Share Buttons Detection
Admin Menu Editor Detection
Adminimize Detection
Advanced Custom Fields (ACF®) Detection
Akismet Anti-spam' Spam Protection Detection
All 404 Redirect to Homepage Detection
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Detection
All-in-One WP Migration and Backup Detection
All-In-One Security (AIOS) – Security and Firewall Detection
AMP Detection
Antispam Bee Detection
Activity Log – Monitor & Record User Changes Detection
Starter Templates — Elementor & WordPress Templates Detection
Astra Widgets Detection
Autoptimize Detection
Backuply – Backup, Restore, Migrate and Clone Detection
BackWPup – WordPress Backup & Restore Plugin Detection
Better Search Replace Detection
Solid Security – Password, Two Factor Authentication, and Brute Force Protection Detection
Black Studio TinyMCE Widget Detection
Breadcrumb NavXT Detection
Breeze – WordPress Cache Plugin Detection
Broken Link Checker Detection
Burst Statistics – Privacy-Friendly Analytics for WordPress Detection
Floating Chat Widget' Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty Detection
Child Theme Configurator Detection
Classic Editor Detection
Classic Widgets Detection
Click to Chat – HoliThemes Detection
Cloudflare Detection
CMB2 Detection
Page Builder Gutenberg Blocks – CoBlocks Detection
Code Snippets Detection
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode Detection
Complianz – GDPR/CCPA Cookie Consent Detection
Contact Form 7 Detection
Honeypot for Contact Form 7 — Protect Contact Form 7 spam with ease! [100% FREE Anti-Spam Plugin] Detection
Contact Form 7 Database Addon – CFDB7 Detection
CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Detection
Cookie Notice & Compliance for GDPR / CCPA Detection
Duplicate Post Detection
Joinchat Detection
Creative Mail – Easier WordPress & WooCommerce Email Marketing Detection
Simple Custom CSS and JS Detection
Custom Fonts – Host Your Fonts Locally Detection
Custom Post Type UI Detection
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Detection
Disable Gutenberg Detection
Duplicate Page Detection
Yoast Duplicate Post Detection
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More Detection
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress Detection
Easy FancyBox Detection
Easy Google Fonts Detection
Easy Table of Contents Detection
Easy WP SMTP – WordPress SMTP and Email Logs' Gmail, Office 365, Outlook, Custom SMTP, and more Detection
Elementor Website Builder – More Than Just a Page Builder Detection
ElementsKit Elementor Addons and Templates Detection
Enable Media Replace Detection
Envato Elements – Photos & Elementor Templates Detection
Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders Detection
EWWW Image Optimizer Detection
Extendify Detection
Facebook for WooCommerce Detection
Instant Indexing for Google Detection
Favicon by RealFaviconGenerator Detection
Flamingo Detection
Flexmls IDX - Detect
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider Detection
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder Detection
Font Awesome Detection
Force Regenerate Thumbnails Detection
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Detection
Forminator Forms – Contact Form, Payment Form & Custom Form Builder Detection
GA Google Analytics – Connect Google Analytics to WordPress Detection
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD Detection
Wordpress GiveWP Detection
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Detection
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Detection
Google for WooCommerce Detection
Site Kit by Google – Analytics, Search Console, AdSense, Speed Detection
XML Sitemap Generator for Google Detection
Translate WordPress with GTranslate Detection
Gutenberg Detection
Happy Addons for Elementor Detection
Header and Footer Scripts Detection
Head, Footer and Post Injections Detection
Header Footer Code Manager Detection
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) Detection
Health Check & Troubleshooting Detection
Hello Dolly Detection
OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. Detection
Hostinger Tools Detection
Hunk Companion Detection
Image Optimizer – Optimize Images and Convert to WebP or AVIF Detection
Imagify Image Optimization – Compress Images | Convert WebP | Convert AVIF | Optimize Images Detection
Imsanity Detection
InPost PL for WooCommerce Detection
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager Detection
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Detection
Intuitive Custom Post Order Detection
InfiniteWP Client Detection
Jeg Elementor Kit Detection
Jetpack – WP Security, Backup, Speed, & Growth Detection
Jetpack Boost – Website Speed, Performance and Critical CSS Detection
Gutenberg Blocks with AI by Kadence WP – Page Builder Features Detection
Kirki Customizer Framework Detection
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Detection
Limit Login Attempts Detection
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall Detection
LiteSpeed Cache Detection
Loco Translate Detection
Loginizer Detection
LoginPress | wp-login Custom Login Page Customizer Detection
Mailchimp for WooCommerce Detection
MC4WP' Mailchimp for WordPress Detection
MailPoet – Newsletters, Email Marketing, and Automation Detection
Maintenance Detection
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Detection
MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall Detection
Max Mega Menu Detection
Members – Membership & User Role Editor Plugin Detection
Meta Box Detection
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Detection
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Detection
Newsletter – Send awesome emails from WordPress Detection
Nextend Social Login and Register Detection
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery Detection
Ninja Forms – The Contact Form Builder That Grows With You Detection
Ocean Extra Detection
Meta pixel for WordPress Detection
One Click Demo Import Detection
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation Detection
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Detection
Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more Detection
PDF Embedder Detection
Photo Gallery by 10Web – Mobile-Friendly Image Gallery Detection
PHP Compatibility Checker Detection
Pinterest for WooCommerce Detection
PixelYourSite – Your smart PIXEL (TAG) & API Manager Detection
Polylang Detection
Popup Builder – Create highly converting, mobile friendly marketing popups. Detection
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder Detection
Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more Detection
Post Types Order Detection
Premium Addons for Elementor Detection
PrettyLinks – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Detection
Really Simple CAPTCHA Detection
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) Detection
Redirection Detection
Redux Framework Detection
Regenerate Thumbnails Detection
Royal Elementor Addons and Templates Detection
Safe SVG Detection
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Detection
Speed Optimizer – The All-In-One Performance-Boosting Plugin Detection
Security Optimizer – The All-In-One Protection Plugin Detection
WP Shortcodes Plugin — Shortcodes Ultimate Detection
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF Detection
Simple Custom Post Order Detection
Simple History – Track, Log, and Audit WordPress Changes Detection
Simple Page Ordering Detection
SiteGuard WP Plugin Detection
Page Builder by SiteOrigin Detection
Smart Slider 3 Detection
SiteOrigin Widgets Bundle Detection
SpeedyCache – Cache, Optimization, Performance Detection
SSL Insecure Content Fixer Detection
Sticky Header Effects for Elementor Detection
Easy Updates Manager Detection
Sucuri Security – Auditing, Malware Scanner and Security Hardening Detection
SVG Support Detection
Table of Contents Plus Detection
TablePress – Tables in WordPress made easy Detection
Category Order and Taxonomy Terms Order Detection
Templately – Elementor & Gutenberg Template Library' 5500+ Free & Pro Ready Templates And Cloud! Detection
The Events Calendar Detection
Orbit Fox by ThemeIsle Detection
Advanced Editor Tools Detection
Translate Multilingual sites – TranslatePress Detection
Spectra Gutenberg Blocks – Website Builder for the Block Editor Detection
Under Construction Detection
Unyson Detection
UpdraftPlus' WP Backup & Migration Plugin Detection
Use Any Font | Custom Font Uploader Detection
User Role Editor Detection
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Detection
Velvet Blues Update URLs Detection
W3 Total Cache Detection
Converter for Media – Optimize images | Convert WebP & AVIF Detection
WebP Express Detection
Widget Importer & Exporter Detection
WooCommerce Cart Abandonment Recovery Detection
Checkout Field Editor (Checkout Manager) for WooCommerce Detection
InPost for WooCommerce Detection
Variation Swatches for WooCommerce Detection
WooCommerce Detection
WooCommerce PayPal Checkout Payment Gateway Detection
WooCommerce Stripe Payment Gateway Detection
WooCommerce Legacy REST API Detection
WooPayments' Integrated WooCommerce Payments Detection
WooCommerce PayPal Payments Detection
PDF Invoices & Packing Slips for WooCommerce Detection
WooCommerce Shipping & Tax Detection
Wordfence Security – Firewall, Malware Scan, and Login Security Detection
WordPress Importer Detection
Yoast SEO Detection
WooSidebars Detection
ManageWP Worker Detection
WP Crontrol Detection
WP Fastest Cache Detection
File Manager Detection
WP Go Maps (formerly WP Google Maps) Detection
WP Mail Logging Detection
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Detection
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Detection
WP Migrate Lite – WordPress Migration Made Easy Detection
WP Multibyte Patch Detection
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance Detection
WP-PageNavi Detection
WP Reset – Most Advanced WordPress Reset Tool Detection
Widgets for Google Reviews Detection
WP Rollback – Rollback Plugins and Themes Detection
SEOPress – On-site SEO Detection
WP Sitemap Page Detection
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN Detection
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin Detection
WP Super Cache Detection
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Detection
ReCaptcha v2 for Contact Form 7 Detection
Redirection for Contact Form 7 Detection
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More Detection
WPS Hide Login Detection
Migration, Backup, Staging – WPvivid Backup & Migration Detection
YITH WooCommerce Compare Detection
YITH WooCommerce Wishlist Detection
themes
WordPress Bricks Builder Theme Version
WordPress Detect
Workerman Websocket Detection
Writebook - Detect
WSO2 Products - Detect
Wuzhicms Detected
XenForo Forum Detection
Xerox Workcentre Detect
YApi Detect
YesWiki Panel - Detect
Ymhome-detect
YOURLS - Detection
ZAP Rest API Server Running
Zend Server Test Page
ZEROF Web Server Detect
Zimbra Detect
Zope Quick Start Detect
token-spray
1Forge API Test
Abstract Api Company Enrichment Test
Abstract Api Email Validation Test
Abstract Api Exchange Rates Test
Abstract Api IBAN Validation Test
Abstract Api Image Processing Test
Abstract Api IP Geolocation Test
Abstract Api Phone Validation Test
Abstract Api Public Holidays Test
Abstract Api Timezone Test
Abstract Api User Avatars Test
Abstract Api VAT Validation Rates Test
Abstract Api Web Scraping Test
Abstract Api Website Screenshot Test
AbuseIPDB API - Test
AccuWeather API Test
Adafruit IO API Test
AdoptAPet API Test
Airtable API Test
Alchemy API Test
AlienVault Open Threat Exchange (OTX) API Test
Amdoren API Test
AniAPI API Test
Api2Convert API Test
ApiFlash API Test
Apigee Edge API Test
AppVeyor API Test
Asana API Test
Bhagavad Gita API Test
API.Bible API Test
Binance REST API
BinaryEdge API Test
Bing Maps API Test
BitcoinAverage API Test
Bitly API Test
Bitquery API Test
Bitrise API Test
Blitapp API Test
block.io API Test
Blockchain API Test
Blockfrost API Test
Box API Test
Brave New Coin API Test
Browshot API Test
Buildkite API Test
ButterCMS API Test
C99 API Test
Calendarific API Test
Calendly API Test
Chaos API Test
Charity Search API Test
CircleCI API Test
Clearbit API Test
ClickUp API Test
Clockify API Test
CloudConvert API Test
Cloudflare API Test
CodeStats API Test
CoinAPI API Test
Coinlayer API Test
CoinMarketCap API Test
Coinranking API Test
Cooper Hewitt API
Covalent API Test
CraftMyPDF API Test
CurrencyFreaks API Test
Currencylayer API Test
CurrencyScoop API Test
dbt Cloud API - Test
ddownload API Test
DeBounce API Test
Delighted API Test
DeviantArt API Test
DigitalOcean API Test
Dribbble API Test
Dropbox API Test
eBird API Test
Etherscan API Test
Europeana API Test
ExchangeRate-API API Test
Facebook API Test
Fastly API Test
Festivo API Test
Flickr API Test
Flowdash API Test
FontAwesome API Test
FortiToken Cloud API Test
Frontapp API
FullHunt API Test
Giphy API Test
GitHub API Test
Gitlab API Test
GoFile API Test
Google Drive API Test
Gorest API Test
Harvard Art Museums API Test
Heroku API Test
Hirak Exchange Rates API Test
Holiday API Test
host.io API Test
Html2PDF API Test
HubSpot API Test
Hunter API Test
IconFinder API Test
ImprovMX API Test
Instagram Graph API Test
Instatus API Test
Intelligence X API Test
Intercom API Test
Intigriti-Researcher API Test
IP2WHOIS API Test
IP Data API Test
IPFind API Test
IPinfo API Test
IPStack API Test
Iterable API Test
IUCN API Test
Jotform API Test
JSONBin API Test
JumpCloud API Test
LaunchDarkly REST API
LeanIX API Test
LinkedIn API Test
Lob API Test
Lokalise API Test
Loqate API Test
MAC Address Lookup API Test
MailboxValidator API Test
Mailchimp API Test
Mailgun API Test
MalShare API Test
MalwareBazaar API Test
Mapbox API Test
Micro User Service API Test
MojoAuth API Test
Monday API Test
MoonPay API Test
MyAnimeList API Test
My Web of Trust API
New Relic NerdGraph API Test
Netlify API Test
NetworksDB API Test
New Relic Rest API
Notolytix API Test
Nownodes API Test
NPM API Test
NYTimes API Test
OneLogin API Test
Onyphe API Test
Open Page Rank API Test
OpenAI API Test
OpenGraphr API Test
OpenWeather API Test
OpsGenie API Test
Optimizely API Test
ORB Intelligence API Test
PageCDN API Test
Pagerduty API Test
Particle Cloud API Test
Pastebin API Test
PayPal API Test
pdflayer API Test
Pendo API Test
Petfinder API Test
Pinata API Test
PivotalTracker API Test
PostMark API Test
PrexView API Test
ProxyCrawl API Test
ProxyKingdom API Test
Quip API Test
Rijksmuseum API Test
SavePage API Test
Scanii API Test
ScraperAPI API Test
ScraperBox API Test
Scrapestack API Test
ScrapingAnt API Test
ScrapingDog API Test
ScreenshotAPI API Test
SecurityTrails API Test
Segment API Test
Sendgrid API Test
Sentry API Test
serpstack API Test
Shodan API Test
Slack API Test
Smartsheet API Test
SonarCloud API Test
Spotify API Test
Square API Test
SSLMate API Test
Strava API Test
Stripe API Test
Stytch API Test
Supportivekoala API Test
Taiga API Test
Tatum API Test
Telegram API Test
TheCatApi API Test
TheDogApi API Test
Ticket Master API Test
Tink API Test
TinyPNG API Test
Todoist API Test
Travis CI API Test
Trello API Test
Twitter API Test
URLScan API Test
User Stack API Test
Vercel - API Detection
VirusTotal API Test
Visual Studio API Test
WakaTime CI API Test
Web3 Storage API Test
Cisco Webex API Test
WeGlot API Test
Word Cloud API Test
Wordnik API Test
YouTube API Test
ZenRows API Test
Zerobounce API Test
ZoomEye API Test
Google Autocomplete API Test
Google Books API Test
Google Custom Search API Test
Google Directions API Test
Google Elevation API Test
Google FCM API Test
Google Find Place From Text API Test
Google Distance Matrix API Test
Google Geocode API Test
Google Geolocation API Test
Google Maps Embed API Test
Google Maps Embed (Advanced) API Test
Google Nearby Search API Test
Google Nearest Roads API Test
Google Place Details API Test
Google Places Photo API Test
Google Playable Locations API Test
Google Route to Traveled API Test
Google Safe Browsing API Test
Google Speed Limit API Test
Google Static Maps API Test
Google Static Streetview API Test
Google Places Text Search API Test
Google Timezone API Test
vulnerabilities
74cms
74CMS weixin.php - SQL Injection
amazon
Amazon EC2 - Server-side request forgery (SSRF)
apache
Apache Flink - Remote Code Execution
Apache NiFi - Remote Code Execution
Apache OFBiz - JNDI Remote Code Execution (Apache Log4j)
Apache Solr <=8.8.1 - Local File Inclusion
Apache Solr 7+ - Remote Code Execution (Apache Log4j)
Apache Solr 9.1 - Remote Code Execution
log4j
JamF Pro - Remote Code Execution (Apache Log4j)
shiro
Shiro <= 1.2.4 Deserialization Detection
avaya
Avaya Aura Utility Services Administration - Remote Code Execution
Avaya Aura Utility Services Administration - Cross-Site Scripting
avtech
AVTECH Video Surveillance Product - Authentication Bypass
AVTECH DVR - SSRF
AVTECH Video Surveillance Product - Unauthenticated File Download
AVTECH DVR - Login Verification Code Bypass
backdoor
AntSword Backdoor Detection
Cisco IOS XE - Implant Detection
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Authorization Bypass
JexBoss - Remote Code Execution
KevinLAB BEMS (Building Energy Management System) - Backdoor Detection
KevinLAB HEMS - Backdoor Detection
Lottie Player - Backdoor
Maccmsv10 - Backdoor Remote Code Execution
PHP 8.1.0-dev - Backdoor Remote Code Execution
Polyfill.io - Backdoor
BSPHP - Information Disclosure
chanjet-tplus
Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution
Chanjet Tplus - Unauthorized Password Reset
cisco
Cisco BroadWorks - Remote Code Execution (Apache Log4j)
Cisco CloudCenter Suite (Log4j) - Remote Code Execution
Cisco Unified Communications - Remote Code Execution (Apache Log4j)
Cisco vManage (Log4j) - Remote Code Execution
Cisco WebEx - Remote Code Execution (Apache Log4j)
Cisco Unified Call Manager Username Enumeration
citrix
Citrix Netscaler ADC & Gateway v13.1-50.23 - Out-Of-Bounds Memory Read
code42
Apache Code42 - Remote Code Execution (Apache Log4j)
CodiMD - File Upload
concrete
Concrete CMS <8.5.2 - Cross-Site Scripting
confluence
Atlassian Confluence < 5.8.6 Server-Side Request Forgery
Copyparty v1.8.6 - Cross-Site Scripting
dahua
Dahua Bitmap - File Upload Remote Code Execution
Dahua EIMS - Remote Command Execution
Dahua Intelligent IoT - Information Disclosure
Dahua Smart Park Management Platform - Arbitrary File Read
Dahua Smart Park Integrated Management Platform - Remote Command Execution
DbGate Web Client - Unauthenticated Remote Command Execution
dedecms
DedeCmsV5.6 Carbuyaction Fileinclude
DedeCMS 5.7 - Cross-Site Scripting
Dede CMS - SQL Injection
DedeCMS - Open Redirect
DedeCMS 5.8.1-beta - Remote Code Execution
DEOS OPEN 500EMS Controller - Admin Exposure
discuz
Discuz! X2.5 - Path Disclosure
dlink
D-Link NAS `sc_mgr.cgi` - Remote Code Execution
Dlink DSR-250 and Netgear Prosafe - Cross-Site Scripting
drupal
Drupal Avatar Uploader - Cross-Site Scripting
Drupal 7 Elfinder - Remote Code Execution
ecstatic
Node ecstatic Internal Path - Exposure
Node ecstatic Directory Listing
esafenet
Esafenet CDG mysql - File Read
Esafenet CDG NetSecConfigAjax - Sql Injection
Esafenet CDG NoticeAjax - Sql Injection
fastjson
Fastjson 1.2.24 - Remote Code Execution
Fastjson 1.2.41 - Remote Code Execution
Fastjson 1.2.42 - Remote Code Execution
Fastjson 1.2.43 - Remote Code Execution
Fastjson 1.2.47 - Remote Code Execution
Fastjson 1.2.62 - Remote Code Execution
Fastjson 1.2.67 - Remote Code Execution
Fastjson 1.2.68 - Remote Code Execution
feiyuxing
FeiYuXing Enterprise Router - Information Leakage
finereport
FineReport v9 Arbitrary File Overwrite
FineReport 8.0 - Local File Inclusion
FineReport SQLi - Remote Code Execution
Fronsetiav1.1 - Cross-Site Scripting
Froxlor Server Management - Cross-Site Scripting
generic
Basic XSS Prober - Cross-Site Scripting
Cache Poisoning Detection
Cache Poisoning - Stored XSS
CORS Misconfiguration
CRLF - Injection Detection
Error based SQL injection
Generic Blind XXE
Generic Env File Disclosure
Generic J2EE LFI Scan Panel - Detect
Generic Linux - Local File Inclusion
Windows - Local File Inclusion
Host Header Injection
Header Based Generic OOB Interaction
Parameter Based Generic OOB Interaction
Open Redirect - Detection
OOB Request Based Interaction
Top 38 Parameters - Cross-Site Scripting
XMLRPC Pingback SSRF
Fuzzing Parameters - Cross-Site Scripting
GeoVision Geowebserver <= 5.3.3 - Local File Inclusion / Cross-Site Scripting
gitea
Gitea 1.4.0 - Remote Code Execution
gitlab
GitLab CE/EE Unauthenticated RCE Using ExifTool
gnuboard
Gnuboard CMS - Cross-Site Scripting
Gnuboard 5 - Cross-Site Scripting
Gnuboard 5 - Cross-Site Scripting
gradio
Gradio 3.47/3.50.2 - Local File Inclusion
Gradio 3.47 - 3.50.2 - Server-Side Request Forgery
grafana
Grafana 8.x - Local File Inclusion
hcm
HCM Cloud - Arbitrary File Read
hikvision
HIKVISION applyCT Fastjson - Remote Command Execution
HIKVISION iSecure Center - Information Leak
Hikvision iVMS - File Upload Bypass
Hikvision iVMS-8700 - File Upload Remote Code Execution
Hikvision iSecure Center - File Upload
hjsoft
Hongjing HCM - Local File Inclusion
Hongjing HCM - Sql Injection
Hongjing HCM - Time-Based Sql Injection
httpbin
HTTPBin - Open Redirect
HTTPBin - Cross-Site Scripting
huatian
Huatian Power OA 8000 - SQL Injection
huawei
Huawei Auth Http Server - Arbitrary File Read
Huawei HG255s - Local File Inclusion
ibm
IBM Eclipse Help System - Cross-Site Scripting
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Local File Inclusion
idoc
IDoc View /html/2word - Arbitrary File Upload
IDoc View - Arbitrary File Read
imo
IMO - Arbitrary File Download
IMO - Remote Code Execution
infinitt
Infinitt PACS System - Arbitrary File Upload
Infinitt PACS System - Information Disclosure
j2ee
Liferay - Local File Inclusion
jamf
JAMF Blind XXE / SSRF
JamF (Log4j) - Remote Code Execution
jenkins
Jenkins panel async-people
Jenkins - Remote Code Execution
Detect Jenkins in Debug Mode with Stack Traces Enabled
Jenkins Dashboard - Unauthenticated Access
jinhe
Jinhe OA - SQL Injection
Jinhe OA C6 download.jsp - Arbitrary File Read
Jinhe OA_C6_UploadFileDownLoadnew - Arbitrary File Read
jira
Atlassian Jira Service Desk Signup
Jira Unauthenticated Admin Projects
Jira Unauthenticated Dashboards
Jira Unauthenticated Installed gadgets
Jira Unauthenticated Project Categories
Jira Unauthenticated Projects
Jira Unauthenticated Resolutions
Jira Unauthenticated Access to screens
Jira Unauthenticated User Picker
jolokia
Jolokia write to RCE valve
Jolokia file write to RCE jfr
Jolokia - CompilerDirectivesAdd File Read
Jolokia Java Heap Information Disclosure
Jolokia <= 1.7.1 Information Leakage
joomla
Joomla! com_booking component 2.4.9 - Information Leak
Joomla `departments` - SQL Injection
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Joomla iProperty Real Estate 4.1.1 - Cross-Site Scripting
Joomla JoomBri Careers 3.3.0 - Cross-Site Scripting
Joomla! Component com_sef - Local File Inclusion
Joomla JVTwitter - Cross-Site Scripting
Joomla MarvikShop ShoppingCart 3.4 - Sql Injection
Joomla MarvikShop ShoppingCart 3.4 - Cross-Site Scripting
Joomla Solidres 2.13.3 - Cross-Site Scripting
Joomla! CMS <=3.4.6 - Remote Code Execution
jorani
Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting
juniper
JunOS - Cross-Site Scripting
Jupyter Notebook - Remote Command Execution
kkFileView 4.0.0 - Server-Side Request Forgery
landray
Landray EIS - SQL Injection
Landray EIS WS_getAllInfos - Information Disclosure
Landray OA replaceExtend Function - Remote Code Execution
Landray-OA - Remote code Execution
Landray OA Treexml.tmpl - Remote Code Execution
laravel
Laravel Ignition - Cross-Site Scripting
leantime
Leantime < 3.3 - Cross-Site Scripting
linkerd
Linkerd Service detection
Lucee < 6.0.1.59 - Remote Code Execution
magento
Exposed Magento 2 API
Magento Cacheleak
Magento Unprotected development files
Malwared BYOB - Unauthenticated Remote Code Execution
mamp
MAMP Server - Cross-Site Scripting
metersphere
MeterSphere - Remote Code Execution
microsoft
Office Web Apps Server Full Read - Server Side Request Forgery
mingsoft
Mingsoft MCMS 5.2.1 - SQL Injection
mobileiron
Ivanti MobileIron (Log4j) - Remote Code Execution
moodle
Moodle Jmol Filter 6.1 - Local File Inclusion
Moodle Jsmol - Cross-Site Scripting
Moodle - Cross-Site Scripting
nagios
Nagios XI 5.7.1 - Cross-Site Scripting
netgear
Netgear DGN Devices - Command Execution
Netgear WNR614 - Improper Authentication
netmizer
NetMizer LogManagement System cmd.php - Remote Code Execution
NetMizer LogManagement System Data - Directory Exposure
netsweeper
Netsweeper 4.0.9 - Open Redirect
Netsweeper 4.0.9 - Cross-Site Scripting
Next.js Cache Poisoning
nextjs
Next.js - Cache Poisoning
Next.js - Cache Poisoning
nps
NPS - Authentication Bypass
nuxt
Arbitrary File Read in Dev Mode - Nuxt.js
Semi Arbitrary File Read in Dev Mode - Nuxt.js
Nuxt.js Error Page - Cross-Site Scripting
opencpu
OpenCPU - Remote Code Execution
oracle
Oracle eBusiness Suite - Improper File Access
Oracle E-Business Suite - Cross-Site Scripting
Oracle Siebel Loyalty 8.1 - Cross-Site Scripting
oscommerce
osCommerce 2.3.4.1 - Remote Code Execution
other
3CX Management Console - Local File Inclusion
74cms Sql Injection
Accent Microcomputers LFI
Let's Encrypt - Cross-Site Scripting
ACTi-Video Monitoring - Local File Inclusion
AeroCMS 0.0.1 - SQL Injection
AIC Intelligent Campus System - Password Exposure
Aishu AnyShare - Information Disclosure
Alibaba Anyproxy fetchBody File - Path Traversal
Alumni Management System 1.0 - SQL Injection
Apache Druid - Remote Code Execution (Apache Log4j)
Applezeed - SQL Injection
Aquatronica Control System 5.1.6 - Information Disclosure
Array VPN - Arbitrary File Reading Vulnerability
Asanhamayesh CMS 3.4.6 - Local File Inclusion
AspCMS commentList.asp - SQL Injection
ASP-Nuke - Open Redirect
WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting
AVCON6 org_execl_download.action - Arbitrary File Download
AVCON6 - Arbitrary File Download
Azon Dominator - SQL Injection
Bagisto 2.1.2 Client-Side Template Injection
Longjing Technology BEMS API 1.21 - Local File Inclusion
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
BeyondTrust Remote Support 6.0 - Cross-Site Scripting
Bitrix Site Management Russia 2.0 - Open Redirect
Blue Ocean Excellence - Local File Inclusion
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated - SSRF
Bullwark Momentum Series JAWS 1.0 - Local File Inclusion
Cacti Weathermap File Write
CAIMORE Gateway - Remote Code Execution
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion
Car Rental Management System 1.0 - Cross-Site Scripting
Castel Digital - Authentication Bypass
Caucho Resin - Information Disclosure
CERIO-DT Interface - Command Execution
Chamilo 1.11.14 - SQL Injection
Chamilo LMS 1.11.14 Cross-Site Scripting
Citrix XenApp - Remote Code Execution (Apache Log4j)
CKAN - DOM Cross-Site Scripting
C-Lodop Printer - Arbitrary File Read
Cloud OA System - SQL Injection
Cloudlog System - SQL Injection
CmsEasy crossall_act - SQL Injection
Adobe ColdFusion - Cross-Site Scripting
Comai RAS System Cookie - Authentication Override
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure
Comtrend ADSL - Remote Code Execution
Core Chuangtian Cloud Desktop System - Remote Code Execution
CouchDB Admin Default - Detect
CPAS Management System - Arbitrary File Read
CPAS Management System - SQL Injection
Crawlab - Arbitrary File Read
Crocus system Service.do - Arbitrary File Read
Crystal Live HTTP Server 6.01 - Local File Inclusion
CS-Cart - Local File Inclusion
CSZ CMS 1.3.0 - SQL Injection
Company Visitor Management System 1.0 - SQL Injection
Dicoogle PACS 2.5.0 - Local File Inclusion
Digital Ocean - Server-side request forgery (SSRF)
Digital Rebar - Local File Inclusion
Discourse - Cross-Site Scripting
Emerson Dixell XWEB-500 - Arbitrary File Write
Dlink Dir-850L Info Leak
DoorGets CMS v7.0 - Information Disclosure
Dotnet CMS - SQL Injection
DSS Download - Local File Inclusion
Duomi CMS - SQL Injection
Dzzoffice 2.02.1 - Cross-Site Scripting
EAA Application Access System - Arbitrary File Read
EasyCVR Video Management - Arbitrary File Read
EasyCVR video management - Users Information Exposure
EasyImage down.php - Arbitrary File Read
E-cology FileDownloadForOutDocSQL - SQL Injection
ECShop 2.x/3.x - SQL Injection
ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion
Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
Elasticsearch 5 - Remote Code Execution (Apache Log4j)
elFinder <=2.1.12 - Local File Inclusion
Elgg 5.1.4 - SQL Injection
Employee Management System 1.0 - SQL Injection
EnjoyRMIS - SQL Injection
EP Web Solutions CMS - Cross Site Scripting
EPP Server - Local File Inclusion
ErenSoft - SQL Injection
Complete Online Job Search System 1.0 - Cross-Site Scripting
ECTouch 2 - SQL Injection
EWEBS - Local File Inclusion
EyeLock nano NXT 3.5 - Arbitrary File Retrieval
F-Secure Policy Manager - Remote Code Execution (Apache Log4j)
Fanruan Report 2012 Information Disclosure
FastBee - Local File Inclusion
FatPipe WARP 10.2.2 - Authorization Bypass
FeiFeiCms - Local File Inclusion
FineCMS 5.0.10 - SQL Injection
FlatPress 1.2.1 - Stored Cross-Site Scripting
Flexnet - Remote Code Execution (Apache Log4j)
FLIR-AX8 res.php - Remote Code Execution
Flir - Local File Inclusion
FortiPortal - Remote Code Execution (Apache Log4j)
Fumasoft Cloud - SQL Injection
Fumeng - SQL Injection
GeoVision Geowebserver 5.3.3 - Local File Inclusion
GeoVision Geowebserver 5.3.3 - Cross-Site Scripting
Global Domains International - Local File Inclusion
Global Domains International - Cross-Site Scripting
Glodon Linkworks GWGdWebService - SQL injection
Unauthenticated Gloo UI
GoAnywhere Managed File Transfer - Remote Code Execution (Apache Log4j)
GoIP-1 GSM - Local File Inclusion
Graylog (Log4j) - Remote Code Execution
Groomify v1.0 - SQL Injection Vulnerability
Groupoffice 3.4.21 - Local File Inclusion
gSOAP 2.8 - Local File Inclusion
GZ Forum Script 1.8 - Cross-Site Scripting
H3C CNSSS - Arbitrary File Upload
H3C CVM - Arbitrary File Upload
H3c IMC - Remote Code Execution
Halo ITSM - Pre-Authentication SQL Injection
Hanming Video Conferencing - Local File Inclusion
Hanta Internet Behavior Management System - Remote Code Execution
Hashicorp Consul Services API - Remote Code Execution
Hasura GraphQL Engine - Remote Code Execution
Hasura GraphQL Engine - Server Side Request Forgery
Hiboss - Remote Code Execution
HIKVISION iSecure Center - Remote Code Execution
HJTcloud - Local File Inclusion
HJTcloud - Local File Inclusion
HomeAutomation 3.3.2 - Open Redirect
Hongfan OA ioFileExport.aspx - Arbitrary File Read
Hongfan OA ioAssistance.asmx - Remote Code Execution
Hongfan OA udfmr.asmx - SQL injection
Hospital Management System 1.0 - Cross-Site Scripting
Hospital Management System 1.0 - Cross-Site Scripting
Hrsale 2.0.0 - Local File Inclusion
HTTPBin - Cross-Site Scripting
Huatian Power OA 8000 workFlowService - SQL injection
HUAWEI HG659 - Local File Inclusion
Huawei Router - Authentication Bypass
Huijietong - Local File Inclusion
Huiwen library bibliographic Retrieval System - Information Exposure
IceWarp - Open Redirect
IceWarp WebClient - Remote Code Execution
Indonasia Toko CMS - SQL Injection
Inspur Clusterengine V4 SYSshell - Remote Command Execution
Interlib - Local File Inclusion
Jan - Arbitrary File Upload
JavaMelody - Cross-Site Scripting
JeePlus CMS - SQL Injection
JEEWMS - Local File Inclusion
JFrog Unauthentication Builds
Jinfornet Jreport 15.6 - Local File Inclusion
Jitsi Meet - Remote Code Execution (Apache Log4j)
Joomla! com_fabrik 3.9.11 - Local File Inclusion
Joomla JLex Review 6.0.1 - Cross-Site Scripting
Joomla jMarket 5.15 - Cross-Site Scripting
KafDrop - Cross-Site Scripting
Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
Kavita - Local File Inclusion
KevinLAB BEMS 1.0 - SQL Injection
Khodrochi CMS - Cross Site Scripting
Kingdee EAS - Local File Inclusion
Kingdee OA Yunxingkong kdsvc - Remote Code Execution
Kingsoft 8 - Local File Inclusion
Kingsoft VGM Antivirus - Arbitrary File Read
Kiwi TCMS Information Disclosure
Kedacom Network Keyboard Console - Arbitrary File Read
Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion
Landray OA Datajson S Bean - Remote Code Execution
Landray-OA - Remote Code Execution
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
LVS Lean Value Management System Business - Directory Listing
LiveBOS ShowImage.do - Arbitrary File Read
Loan Management System 1.0 - SQL Injection
Logstash - Remote Code Execution (Apache Log4j)
Lokomedia CMS - LFI Vulnerability
LotusCMS 3.0 - Remote Code Execution
Lucee - Unset Credentials
Lucee - Cross-Site Scripting
Luftguitar CMS Arbitrary File Upload
LVS DownLoad.aspx - Local File Inclusion (LFI)
MagicFlow - Local File Inclusion
Maltrail <= v0.54 - Unauthenticated OS Command Injection
Manage Engine Desktop Central - Remote Code Execution (Apache Log4j)
McAfee ePolicy Orchestrator - Arbitrary File Upload
Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
Metabase - Remote Code Execution (Apache Log4j)
MetInfo <=6.1.0 - Local File Inclusion
MicroStrategy tinyurl - Server-Side Request Forgery (Blind)
Microweber Cross-Site Scripting
Mida eFramework - Cross-Site Scripting
Mini Mouse 9.2.0 - Local File Inclusion
Mirai - Remote Command Injection
Mockoon <= 9.1.0 - Path Traversal
MoticDSM - Arbitrary File Read
MPSec ISG1000 - Local File Inclusion
MyuCMS - Local File Inclusion
Nacos 1.x - Authentication Bypass
Nacos - Information Disclosure
NatShell - Local File Inclusion
NatShell Debug File - Remote Code Execution
Ncast HD Intelligent Recording - Arbitrary File Reading
NETGEAR DGN2200v1 - Authentication Bypass
NETGEAR Routers - Serial Number Disclosure
NETGEAR WAC124 - Authentication Bypass
Netis E1+ V1.2.32533 - WiFi Password Disclosure
Netpower NPFW - Local File Inclusion
Newcapec - Remote Code Execution
News Script Pro 2.4 - Cross-Site Scripting
Next.js <1.2.3 - Open Redirect
Nginx Server - Local File Inclusion
Nginx Virtual Host Traffic Status Module - Cross-Site Scripting
nginxWebUI ≤ 3.5.0 - Remote Command Execution
nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution
NS ASG - Local File Inclusion
Nsfocus - Arbitrary User Login
Nsfocus - Arbitrary File Read
NUUO NVRmini 2 3.0.8 - Local File Inclusion
NUUO NVRmini 2 3.0.8 - Remote Code Execution
Odoo CMS - Open Redirect
Office Suite Premium < 10.9.1.42602 - Cross-Site Scripting
OfficeWeb365 Indexs Interface - Arbitrary File Read
Okta - Remote Code Execution (Apache Log4j)
Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
Online Farm Management System 0.1.0 - Cross-Site Scripting
OpenCart Core 4.0.2.3 'search' - SQL Injection
OpenCTI 3.3.1 - Local File Inclusion
OpenNMS - JNDI Remote Code Execution (Apache Log4j)
OpenShift - Remote Code Execution (Apache Log4j)
openSIS 5.1 - Local File Inclusion
OpenSNS - Remote Code Execution
OpenVPN Host Header Injection
OptiLink ONT1GEW GPON Remote Code Execution
Oracle Fatwire 6.3 - Path Traversal
OrbiTeam BSCW Server - Local File Inclusion
Otobo - Open Redirect
Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read
PACSOne Server 6.6.2 - Local File Inclusion
Panabit iXCache date_config - Remote Code Execution
Panmicro E-Mobile System - Arbitrary File Read
Papercut - Remote Code Execution (Apache Log4j)
Parallels H-Sphere - Cross-Site Scripting
Blackboard - Cross-Site Scripting
PbootCMS 2.0.7 - SQL Injection
PDF Signer 3.0 - Template Injection
Pega - Remote Code Execution (Apache Log4j)
PHP Timeclock <=1.04 - Cross-Site Scripting
PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
PHPOK - SQL Injection
phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
Phuket Solution CMS - SQL Injection
Phuket Solution CMS - Cross Site Scripting
Pingsheng Electronic Reservoir Supervision Platform - Sql Injection
PMB 5.6 - Local File Inclusion
PMB 5.6 - Local File Inclusion
PMB <= 7.4.6 - SQL Injection
PMB v7.4.1 - Cross Site Scripting
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
Mozilla Pollbot - Open Redirect
PowerCreator CMS - Remote Code Execution
pREST < 1.5.4 - SQL Injection Via Authentication Bypass
ProcessMaker <=3.5.4 - Local File Inclusion
Pyspider Unauthorized Access
Qcubed - Cross-Site Scripting
Qi'anxin Netkang Next Generation Firewall - Remote Code Execution
QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary File Disclosure
Qizhi Fortressaircraft Unauthorized Access
Quick.CMS v6.7 - SQL Injection
rConfig 3.9.5 - Arbitrary File Upload
Readymade Unilevel Ecommerce MLM - SQL Injection
Readymade Unilevel Ecommerce MLM - Cross-Site Scripting
Reddit Top RSS - Cross-Site Scripting
RentEquip Multipurpose Rental 1.0 - Cross Site Scripting
Caucho Resin Information Disclosure
Caucho Resin LFR
Caucho Resin LFR
RockMongo 1.1.8 - Cross-Site Scripting
Rundeck - Remote Code Execution (Apache Log4j)
Sangfor Log Center - Remote Command Execution
Sangfor Application download.php - Arbitrary File Read
Sangfor Application sys_user.conf Account Password Leakage
Synway SMG Gateway down.php - Arbitrary File Read
SAP Solution Manager - Open Redirect
sar2html 3.2.1 - Remote Command Injection
SeaCMS V6.4.5 RCE
SeaCMS 8.7 - SQL Injection
Seeyon OA (Log4j) - Remote Code Execution
Seowon 130-SLC router - Remote Code Execution
ServiceNow Helpdesk Credential Exposure
Sharp Multifunction Printers - Local File Inclusion
SHOOWBIZ - Cross Site Scripting
SIAM 2.0 - Cross-Site Scripting
Sickbeard - Cross-Site Scripting
Sitemap - SQL Injection
SiteMinder - DOM Cross-Site Scripting
Webbdesign SL-Studio - Local File Inclusion
Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting
Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting
Senayan Library Management System v9.4.0(SLIMS 9) - Cross Site Scripting
Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion
Solar-Log 500 2.8.2 - Incorrect Access Control
SolarView Compact 6.00 - Cross-Site Scripting
Sonicwall NSM - Remote Code Execution (Apache Log4j)
Sonicwall SSLVPN - Remote Code Execution (ShellShock)
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x - Authentication Bypass
Sound4 IMPACT/FIRST/PULSE/Eco <=2.x - Authentication Bypass
Unauthenticated Spark WebUI
Splunk Enterprise - Remote Code Execution (Apache Log4j)
Sponip Network System Ping - Remote Code Execution
SSL VPN Client - Remote Code Execution
Stackposts Social Marketing Tool v1.0 - SQL Injection
SteVe - Cross-Site Scripting
Surreal ToDo 0.6.1.2 - Local File Inclusion
Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
Symantec SEPM - Remote Code Execution (Apache Log4j)
Taiwanese Travel - Local File Inclusion
Talroo Jobs Script 1.0 - Cross-Site Scripting
TamronOS IPTV/VOD - Remote Command Execution
TamronOS IPTV - Arbitrary User Creation
Tekon - Unauthenticated Log Leak
Tendat Router Credential - Exposure
Thinkific - Open Redirect
Thruk Monitoring Webinterface - Cross-Site Scripting
Tianqing Info Leak
Tiki Wiki CMS Groupware 5.2 - Cross-Site Scripting
Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting
TPshop - Local File Inclusion
TurboCRM - Cross-Site Scripting
Twig PHP <2.4.4 template engine - SSTI
UEditor - Arbitrary File Upload
Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
Hoteldruid Management Panel Access
Unauthenticated Spark REST API
UniFi Network Application - Remote Code Execution (Apache Log4j)
Universal Media Server v13.2.1 - Cross Site Scripting
UPS Network Management Card 4 Path Traversal
User Management/Registration & Login v3.0 - SQL Injection
Vanguard Marketplace CMS 2.1 - Cross-Site Scripting
viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
VMware Site Recovery Manager - Remote Code Execution (Apache Log4j)
Voyager 1.3.0 - Directory Traversal
Vehicle Parking Management System 1.0 - SQL Injection
Wapples Web Application Firewall - Local File Inclusion
WatchGuard Fireware AD Helper Component - Credentials Disclosure
Webigniter 28.7.23 - Cross-Site Scripting
Webp Server Go - Path Traversal
Web Page Test - Server Side Request Forgery (SSRF)
WebUI 1.5b6 - Remote Code Execution
WEMS Enterprise Manager - Cross-Site Scripting
WIFISKY-7 Layer Flow Control Router - Remote Code Execution
WiseGiga NAS - Arbitrary File Read
WSO2 <5.8.0 - Server Side Request Forgery
Wuzhicms 4.1.0 - SQL Injection
XdCMS - SQL Injection
Citrix XenMobile Server - Remote Code Execution (Apache Log4j)
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
XXL-JOB executor - Unauthorized Access
Yapi - Remote Code Execution
Apache Hadoop YARN ResourceManager - Remote Code Execution
YesWiki <2022-07-07 - SQL Injection
YesWiki - Stored Cross-Site Scripting
YesWiki <2022-07-07 - Cross-Site Scripting
Yibao OA System - SQL Injection
yishaadmin - Local File Inclusion
Yunanbao Cloud Box FastJson - Deserialization Remote Code Execution
ZCMS - SQL Injection
Zhixiang OA msglog.aspx - SQL injection
Zimbra Collaboration Suite - Server-Side Request Forgery
Zoo Management System 1.0 - SQL Injection
Zoo Management System 1.0 - SQL Injection
ZZCMS - Cross-Site Scripting
php
Xdebug remote code execution via xdebug.remote_connect_back
PhpMyAdmin - Unauthenticated Access
Open Journal Systems pkp-lib - Open Redirect
Portainer - Init Deploy Discovery
prestashop
PrestaShop Ap Marketplace - SQL Injection
Prestashop Blocktestimonial Modules - File Upload Vulnerability
Prestashop Cart Abandonment Pro File Upload
qax
Secure Access Gateway SecSSLVPN - Authentication Bypass
Qibocms - Arbitrary File Download
rails
Ruby on Rails - CRLF Injection and Cross-Site Scripting
ransomware
Deadbolt Ransomware Detection
realor
Realor GWT System SQL injection
retool
Retool < 3.88 - SVG Cross-Site Scripting
rocketchat
RocketChat Live Chat - Unauthenticated Read Access
royalevent
Royal Event Management System - Cross-Site Scripting
Royal Event Management System - Stored Cross-Site Scripting
ruijie
Ruijie EG - Remote Code Execution
Ruijie Switch Web Management System EXCU_SHELL - Information Disclosure
Ruijie NBR fileupload.php - Arbitrary File Upload
Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion
Ruijie RG-UAC nmc_sync.php - Remote Code Execution
RG-UAC Ruijie - Password Hashes Leak
Ruijie RG-EG - Remote Code Execution
Ruijie EG Easy Gateway - Remote Command Execution
samsung
Samsung WLAN AP WEA453e - Local File Inclusion
Samsung WLAN AP WEA453e - Remote Code Execution
Samsung WLAN AP WEA453e - Cross-Site Scripting
sangfor
Sangfor BA - Remote Code Execution
Sangfor EDR - Authentication Bypass
Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution
Sangfor Application Login - Remote Command Execution
Sangfor Next Gen Application Firewall - Arbitrary File Read
secworld
SecGate 3600 Firewall obj_app_upfile - Arbitrary File Upload
seeyon
Seeyon OA A6 config.jsp - Information Disclosure
Seeyon OA A6 createMysql.jsp Database - Information Disclosure
Seeyon OA A6 initDataAssess.jsp - Information Disclosure
Seeyon OA Fastjson Remote Code Execution
Seeyon OA A6 setextno.jsp - SQL Injection
Seeyon OA wpsAssistServlet - Arbitrary File Upload
Seeyon WooYun - Local File Inclusion
Zhiyuan OA Arbitrary File Upload Vulnerability
Zhiyuan Oa A6-s info Leak
Zhiyuan OA Session Leak
shiziyu-cms
Shiziyu CMS Api Controller - SQL Injection
simplecrm
Simple CRM 3.0 SQL Injection and Authentication Bypass
sitecore
SiteCore XML Control Script Insertion
smartbi
Smartbi windowunloading Interface - Deserialization
splash
Splash Render - SSRF
spring
Jolokia Logback JNDI - Remote Code Execution
springboot
Spring Boot Actuators (Jolokia) XXE
Spring Boot H2 Database - Remote Command Execution
Spring Boot - Remote Code Execution (Apache Log4j)
squirrelmail
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
SquirrelMail 1.2.11 - Local File Inclusion
SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting
thinkcmf
ThinkCMF - Remote Code Execution
ThinkCMF - Local File Inclusion
ThinkCMF - Remote Code Execution
thinkphp
ThinkPHP 2/3 - Remote Code Execution
ThinkPHP 5.0.1 - Remote Code Execution
ThinkPHP - Remote Code Execution
ThinkPHP 5.0.23 - Remote Code Execution
ThinkPHP 5.0.9 - Information Disclosure
ThinkPHP 6.0.0~6.0.1 - Arbitrary File Write
titan
TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code Execution
tongda
Tongda OA v2017 action_upload - Arbitrary File Upload
Tongda OA v11.8 api.ali.php - Arbitrary File Upload
Tongda OA 11.7 - Authentication Bypass
Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure
Tongda OA v11.9 getadata - Remote Code Execution
Tongda OA v11.8 getway.php - Remote File Inclusion
Tongda OA v11.6 Insert Parameter - SQL Injection
Tongda OA v11.8 logincheck_code.php - Authentication Bypass
Tongda OA Meeting - Unauthorized Access
Tongda OA v11.5 swfupload_new.php - SQL Injection
Office Anywhere TongDa - Path Traversal
Tongda OA v11.6 report_bi.func.php - SQL injection
Tongda User Session Disclosure
Tongda OA V2017 Video File - Arbitrary File Read
Tongda OA - Authentication Bypass
topsec
Topsec Topacm - Remote Code Execution
Topsec TopAppLB - Authentication Bypass
ueditor
UEditor - Server Side Request Forgery
ueditor - Cross Site Scripting
vbulletin
Arcade.php - SQL Injection
vBulletin 3.x / 4.x AjaxReg - SQL Injection
vBulletin Backdoor - Detect
vBulletin `Search.php` - SQL Injection
Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion
vmware
VMWare Cloud - Cross Site Scripting
VMware HCX - Remote Code Execution (Apache Log4j)
VMware Horizon - JNDI Remote Code Execution (Apache Log4j)
VMware NSX - Remote Code Execution (Apache Log4j)
VMware NSX Manager XStream Pre-authenticated Remote Code Execution
VMware Operations Manager - Remote Code Execution (Apache Log4j)
VMware vCenter - Local File Inclusion
Linux Vmware Vcenter - Local File Inclusion
VMware VCenter - Remote Code Execution (Apache Log4j)
VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting
VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j)
wanhu
WanhuOA DocumentEdit.jsp - SQL Injection
Wanhu OA download_ftp.jsp - Arbitrary File Read
Wanhu OA download_old.jsp - Arbitrary File Read
Wanhu OA Fileupload Controller - Arbitrary File Upload
Wanhu OA TeleConferenceService Interface - XML External Entity Injection
Wanhu OA DownloadServlet - Remote File Disclosure
Wanhu OA OfficeServerServlet - Arbitrary File Upload
Wanhu OA smartUpload.jsp - Arbitrary File Upload
weaver
ecology
Ecology - Arbitrary File Upload
Ecology - Local File Inclusion
Fanwei OA E-Office - Information Disclosure
EcologyOA deleteUserRequestInfoByXml - XML External Entity Injection
Ecology Springframework - Local File Inclusion
Ecology Syncuserinfo - SQL Injection
Ecology 8 - SQL Injection
Weaver E-Cology JqueryFileTree - Directory Traversal
Weaver e-cology verifyquicklogin.jsp - Auth Bypass
eoffice
Weaver E-Office v9.5 - Arbitrary File Upload
OA 9 - Arbitrary File Upload
Ecology OA CheckServer - SQL Injection
Weaver e-cology Validate.JSP - SQL Injection
Weaver E-mobile client.do - Remote Code Execution
Weaver E-Bridge saveYZJFile - Local File Read
Weaver E-Cology BeanShell - Remote Command Execution
Weaver E-Cology `getsqldata` - SQL Injection
Weaver E-Cology HrmCareerApplyPerView - SQL Injection
OA E-Office group_xml.php - SQL Injection
OA E-Office jQuery - Arbitrary File Upload
Weaver E-Cology KtreeUploadAction - Arbitrary File Upload
OA E-Office LazyUploadify - Arbitrary File Upload
OA E-Mobile login_quick.php - Login SessionKey
OA E-Office mysql_config.ini - Information Disclosure
OA E-Office OfficeServer.php Arbitrary File Upload
OA E-Office officeserver.php Arbitrary File Read
OA E-Weaver SignatureDownLoad - Arbitrary File Read
OA E-Weaver SptmForPortalThumbnail - Arbitrary File Read
OA E-Office Uploadify - Arbitrary File Upload
Weaver OA Workrelate - Arbitrary File Upload
OA E-Office UserSelect Unauthorized Access
webp-server-go
Webp server go - Local File Inclusion
wechat
WeChat agentinfo - Information Exposure
wordpress
3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting
WordPress 3DPrint Lite <1.9.1.5 - Arbitrary File Upload
WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
WordPress Ad Widget 2.11.0 - Local File Inclusion
WordPress Advanced Access Manager < 5.9.9 - Local File Inclusion
Advanced Booking Calendar < 1.6.2 - SQL Injection
WordPress Age Gate <2.13.5 - Open Redirect
WordPress Age Gate <2.20.4 - Cross-Site Scripting
WordPress AIT CSV Import Export - Unauthenticated Remote Code Execution
alfacgiapi
WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
Analytify <4.2.1 - Cross-Site Scripting
WordPress Core 5.6 and 6.3.1 - Cross-Site Scripting
Wordpress Aspose Cloud eBook Generator - Local File Inclusion
WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
WordPress Aspose PDF Exporter - Local File Inclusion
WordPress Aspose Words Exporter <2.0 - Local File Inclusion
WordPress Attitude 1.1.1 - Open Redirect
WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
News & Blog Designer Pack < 3.4.2 - Remote Code Execution
Booked < 2.2.6 - Broken Authentication
Wordpress Brandfolder - Remote/Local File Inclusion
WordPress Brandfolder - Open Redirect (RFI & LFI)
WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting
WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting
Cherry Plugin < 1.2.7 - Arbitrary File Retrieval and File Upload
WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
WordPress Church Admin 0.33.2.1 - Local File Inclusion
WordPress ChurcHope Theme <= 2.1 - Local File Inclusion
WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
WordPress Video Gallery <= 2.8 - SQL Injection
WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting
WordPress Diarise 1.5.9 - Arbitrary File Retrieval
WordPress Plugin dzs zoomsounds
WordPress Plugin Media Gallery Pro Listing
WordPress Eatery 2.2 - Open Redirect
WordPress WooCommerce Google Shopping < 1.2.4 - Cross-Site Scripting
WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting
Wordpress HB Audio Gallery Lite - Local File Inclusion
WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
WordPress Hide Security Enhancer 1.3.9.2 Local File Inclusion
Wordpress Plugin Issuu Panel Remote/Local File Inclusion
KNR Author List Widget - Cross-site Scripting
Ldap WP Login / Active Directory Integration < 3.0.2 - Cross-Site Scripting
LeagueManager <= 3.9.11 - SQL Injection
WordPress Members List <4.3.7 - Cross-Site Scripting
WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting
WordPress mTheme-Unus Theme - Local File Inclusion
WordPress eCommerce Music Store <=1.0.14 - Open Redirect
WordPress My Chatbot <= 1.1 - Cross-Site Scripting
WordPress NativeChurch Theme - Local File Inclusion
WordPress New User Approve <2.4.1 - Cross-Site Scripting
WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect
Ninja Forms < 3.5.5 - Cross-Site Scripting
NotificationX < 2.3.12 - SQL Injection
Photo Gallery < 1.7.1 - Cross-Site Scripting
Gallery Photoblocks < 1.1.41 - Cross-Site Scripting
WordPress Pie Register < 3.7.2.4 - Open Redirect
Sassy Social Share <=3.3.3 - Cross-Site Scripting
WordPress Plugin ‘SeatReg’ - Open Redirect
WordPress SEO Redirection <7.4 - Cross-Site Scripting
WordPress Download Shortcode 0.2.3 - Local File Inclusion
WordPress ShortPixel Image Optimizer <4.22.10 - Cross-Site Scripting
WordPress Ultimate Member <2.1.7 - Open Redirect
WordPress Duplicator Plugin - Information disclosure
VRview Plugin - Cross-Site Scripting
Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
Watu Quiz < 3.1.2.6 - Cross Site Scripting
WordPress Weekender Newspaper 9.0 - Open Redirect
WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting
WordPress wp-config Detection
WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure
WordPress bbPress Plugin Directory Listing
WordPress DB Backup
WordPress DB Backup
Wordpress DB Repair Exposed
WordPress Debug Log - Exposure
Wordpress directory listing
WordPress Elementor Plugin Directory Listing
WordPress Emergency Script
Wordpress Git Config
WordPress gtranslate Plugin Directory Listing
WordPress Installer Log
WordPress SimpleFilelist - Remote Code Execution
Wordpress RDF User Enumeration
WordPress Redirection Plugin Directory Listing
Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
Wordpress Oembed Proxy - Server-side request forgery
WordPress ThemeMarkers DB Migration File
WordPress Total Upkeep Database and Files Backup Download
UpdraftPlus Plugin Pem Key
Wordpress User Enumeration
WordPress WooCommerce - Directory Search
WordPress Wordfence 7.4.5 - Local File Inclusion
Wordpress Wordfence - Cross-Site Scripting
WordPress Wordfence 7.4.6 - Cross-Site Scripting
Wordpress wp-cron.php DOS
Wordpress XML-RPC List System Methods
Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
WordPress 123ContactForm Plugin Directory Listing
WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting
WordPress adivaha Travel Plugin 2.3 - SQL Injection
WordPress Adivaha Travel Plugin 2.3 - Cross-Site Scripting
WordPress All Export <1.3.6 - Cross-Site Scripting
Altair WordPress theme v4.8 - Directory Listing
WordPress Ambience Theme <=1.0 - Cross-Site Scripting
WordPress Plugin Arforms Listing
WP AutoSuggest 0.24 - SQL Injection
WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting
WordPress Code Snippets - Cross-Site Scripting
WordPress Setup Configuration
WordPress Custom Tables 3.4.4 - Cross-Site Scripting
Ellipsis Human Presence Technology <= 2.0.8 - Cross Site Scripting
WordPress Plugin Email Subscribers Listing
WordPress user registration enabled
WordPress Finder - Cross-Site Scripting
WordPress FlagEm - Cross-Site Scripting
WordPress 6.3-6.3.1 Footnotes Block - Cross-Site Scripting
Wordpress - Path Disclosure
WordPress Plugin Gallery 3.06 - Arbitrary File Upload
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
WordPress Grimag <1.1.1 - Open Redirection
GTranslate < 2.8.11 - Open Redirect
WordPress Themes Haberadam JSON API - IDOR and Path Disclosure
WordPress Plugin Idx Broker Platinum Listing
WordPress Woody Code Snippets <2.4.6 - Cross-Site Scripting
WordPress Plugin Iwp-client Listing
WordPress Javo Spot Premium Theme - Local File Inclusion
WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary File Upload
WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting
WordPress license file disclosure
WordPress Mailchimp 4 Debug Log Exposure
Mega Wordpress Theme - Cross site scripting
WordPress Memphis Document Library 3.1.5 - Local File Inclusion
Wordpress Plugin MStore API
WordPress Themes - Code Injection
WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting
WordPress Oxygen-Theme - Local File Inclusion
WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting
WordPress 1 flash gallery listing
WordPress Plugin lifterlms Listing
WordPress Plugin Ultimate Member
WordPress Popup Plugin Directory Listing
WordPress Portrait-Archiv.com Photostore 5.0.4 - Reflected Cross Site Scripting
WordPress ProStore <1.1.3 - Open Redirect
WordPress Plugin Qards
Qwiz Online Quizzes And Flashcards <= 3.36 - Cross-Site Scripting
WordPress Real Estate 7 Theme <= 3.3.4 - Cross-Site Scripting
Reality Estate Multipurpose WP-Theme < 2.5.3 - Cross-Site Scripting
WordPress Related Posts <= 2.1.1 - Cross Site Scripting
WordPress Securimage-WP 3.2.4 - Cross-Site Scripting
WordPress All-in-One Security <=4.4.1 - Open Redirect
WordPress Plugin Sfwd-lms Listing
WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE
WordPress Slideshow - Cross-Site Scripting
Smart Manager for WooCommerce & WPeC <= 3.9.6 - SQL Injection
Social Warfare <= 3.5.2 - Remote Code Execution
WordPress SocialFit - Cross-Site Scripting
WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal
WordPress WP Statistics Plugin 13.0.7 - SQL Injection
WordPress super-forms Plugin Directory Listing
Superstorefinder WP-plugin - Security Misconfigurations
Wordpress sym404 directory
Tinymce Thumbnail Gallery <=1.0.7 - Local File Inclusion
WordPress WPtouch 3.7.5 - Open Redirect
WordPress tutor 1.5.3 - Local File Inclusion
Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)
wordpress-upload-data
WordPress Upward Themes <1.5 - Open Redirect
WordPress REST API User Enumeration
WordPress Vault 0.8.6.6 - Local File Inclusion
WP VR-View Plugin - Cross-Site Scripting
Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download
Woocommerce - PDF Invoice Exposure
WordPress xmlrpc
Wordpress XMLRPC.php username and password Bruteforcer
Wordpress XMLRPC - Pingback Detection
WordPress Yoast SEO Plugin - User Enumeration
Wpdm-Cache Session
WordPress WPify Woo Czech <3.5.7 - Cross-Site Scripting
WordPress Plugin WPML Version < 4.6.1 Cross-Site Scripting
Wpmudev Dashboard Pub Key
WordPress WPtouch 3.x - Open Redirect
WordPress WPtouch <4.3.44 - Cross-Site Scripting
WordPress Zero Spam <= 2.1.1 - Blind SQL Injection
yonyou
Changjietong Remote Communication GNRemote.dll - SQL Injection
Chanjet Tplus CheckMutex - SQL Injection
Chanjet TPlus DownloadProxy.aspx - Arbitrary File Read
UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload
Chanjet TPluse Ufida.T.SM.Login.UIP - SQL injection
ERP-NC - Local File Inclusion
UFIDA GRP-U8 UploadFileData - Arbitrary File Upload
Wooyun - Local File Inclusion
FE collaborative Office templateOfTaohong_manager.jsp - Path Traversal
Yonyou NC FileReceiveServlet - Arbitrary File Upload
Yonyou UFIDA GRP-u8 - XXE
YonYou KSOA common/dept.jsp - SQL injection
YonYou NC Accept Upload - Arbitrary File Upload
Yonyou NC BaseApp UploadServlet - Deserialization Detect
Yonyou NC ServiceDispatcher Servlet - Arbitrary File Upload
UFIDA NC Grouptemplet Interface - Unauthenticated File Upload
Yonyou UFIDA NC - Information Exposure
UFIDA NC NCMessageServlet - Deserialization RCE Detection
UFIDA U8-CRM getemaildata - Arbitrary File Upload
UFIDA U8 CRM getemaildata.php - Arbitrary File Read
UFIDA U8 CRM cfillbacksetting.php - SQL Injection
UFIDA U8 CRM fillbacksetting.php - SQL Injection
Yonyou U8 - SQL Injection
Yonyou U8 bx_historyDataCheck - SQL Injection
UFIDA NC Cloud - SQL Injection
UFIDA NC Portal - Arbitrary File Read
YonBIP - Arbitrary File Read
zend
ZendFramework 1.12.2 - Cross-Site Scripting
zyxel
zhttpd - Local File Inclusion
Unauthenticated ZyXEL USG ZTP - Detect
zzzcms
Zzzcms 1.75 - Information Disclosure
ZzzCMS 1.75 - Server-Side Request Forgery
Zzzcms 1.75 - Cross-Site Scripting
javascript
audit
mysql
MySQL LOAD_FILE - Enable
ssh
Change SSH Default Port
Disable SSH Empty Password
Disable SSH Root Login
Disable SSH Forwarding
Disable SSH Protocol 1
Enable Privilege Separation in SSH
Hide SSH Last Login Information
Set SSH Idle Timeout Interval
Limit SSH Users Group Access
Limit SSH Users Access
SSH Key-Based Authentication - Disabled
Unrestricted SSH Access from Non-Whitelisted IPs
backdoor
ProFTPd-1.3.3c - Backdoor Command Execution
cves
2012
MySQL - Authentication Bypass
2016
Memcached Server SASL Authentication - Remote Code Execution
2019
PostgreSQL 9.3-12.3 Authenticated Remote Code Execution
2020
OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution
2021
RealTek AP Router SDK - Arbitrary Command Injection
2023
VMWare Aria Operations - Remote Code Execution
Apache ActiveMQ - Remote Code Execution
OpenSSH Terrapin Attack - Detection
2024
Jenkins < 2.441 - Arbitrary File Read
Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
CUPS - Remote Code Execution
default-logins
Microsoft Sql - Default Logins
MySQL - Default Login
Postgres - Default Logins
Redis - Default Logins
SSH - Default Logins
detection
Microsoft SQL(mssql) - Detect
Oracle - Detection
Oracle TNS Listener - Detect
RDP - Detection
Samba - Detection
SSH Auth Methods - Detection
enumeration
Check Point Firewall - Detect
ldap
LDAP Metadata - Enumeration
Minecraft - enum
mysql
MySQL Info - Enumeration
MySQL - Show Databases
MySQL - Show Variables
MySQL - User Enumeration
pgsql
Postgresql Default Database - Enumeration
PostgreSQL File Read
PostgreSQL List Database
PostgreSQL List Password Hashes
PostgreSQL List Users
Postgresql Version - Detect
pop3
POP3 Capabilities - Enumeration
redis
Redis Info - Detect
Redis Require Authentication - Detect
rsync
Rsync List Modules - Enumeration
Rsync Version - Detect
smb
NTLM Information - Detection
SMB Default Credential - Bruteforce
SMB - Enumeration
SMB - Enum Domains
SMB Operating System - Detect
SMB v1 Supported - Detection
SMB Version - Detection
smb2-capabilities - Enumeration
SMB2 Server Time - Detection
ssh
Obsolete and less secure SSH Version
SSH Diffie-Hellman Modulus <= 1024 Bits
SSH Password-based Authentication
SSH Server Software Enumeration
SSH SHA-1 HMAC Algorithms Enabled
misconfiguration
ldap
LDAP Anonymous Login - Detect
mysql
MySQL - Empty Password
pgsql
Postgresql Empty Password - Detect
PostgreSQL 8.1 Extensions - Remote Code Execution
smb
SMB Anonymous Access Detection
SMB Shares - Enumeration
SMB Signing Not Required
ssh
SSH Server CBC Mode Ciphers Enabled
SSH Weak Algorithms Supported
SSH Weak MAC Algorithms Enabled
SSH Host Keys < 2048 Bits Considered Weak
SSH Weak Key Exchange Algorithms Enabled
x11
x11 - Unauthenticated Access
udp
detection
Broadcast DB2 Discover
TFTP Service - Detection
network
backdoor
ZTE Router Panel - Detect
c2
7777-Botnet - Detect
DarkComet Trojan - Detect
DarkTrack RAT Trojan - Detect
Orcus RAT Trojan - Detect
XtremeRAT Trojan - Detect
cves
2001
Deprecated SSHv1 Protocol Detection
2004
Distccd v1 - Remote Code Execution
2011
VSFTPD 2.3.4 - Backdoor Command Execution
2015
ProFTPd - Remote Code Execution
2016
HP Data Protector - Arbitrary Command Execution
Oracle WebLogic Server Java Object Deserialization - Remote Code Execution
2017
Cisco IOS 12.2(55)SE11 - Remote Code Execution
Apache Log4j Server - Deserialization Command Execution
2018
Oracle WebLogic Server Deserialization - Remote Code Execution
Oracle WebLogic Server - Remote Code Execution
2020
Apache Airflow <=1.10.10 - Command Injection
Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability
2021
Apache Cassandra Load UDF RCE
2022
Redis Sandbox Escape - Remote Code Execution
CouchDB Erlang Distribution - Remote Command Execution
muhttpd <=1.1.5 - Local Inclusion
2023
RocketMQ <= 5.1.0 - Remote Code Execution
Fortinet Forticlient Endpoint Management Server - SQL Injection
default-login
FTP Anonymous Login
FTP Service - Credential Weakness
LDAP Server NULL Bind Connection Information Disclosure
detection
ActiveMQ OpenWire Transport Detection
AIX WebSM - Detect
Apache ActiveMQ Detection
AWS SFTP Service - Detect
Axigen Mail Server Detection
BGP Detection
SSH Bitvise Service - Detect
BlueCoat Telnet Proxy - Detect
Cisco Finger Daemon Detection
ClamAV Server Detect
CQL Native Transport Detect
AddPac GSM VoIP Gateway Panel - Detect
Jabber XMPP Protocol - Detect
Microsoft .NET Remoting httpd - Detect
ESMTP - Detect
Exim - Detect
EXPN Mail Server Detect
Finger Daemon Detection
Fortinet FGFM protocol - Detect
GNU Inetutils FTPd Detect
Gopher Service - Detect
IBM DB2 Database Server - Detect
IMAP - Detect
iPlanet Messaging Server IMAP Protocol - Detection
Java Remote Method Invocation Protocol - Detect
Microsoft FTP Service Detect
MikroTik FTP server Detect
MikroTik RouterOS API - Detect
MikroTik RouterOS SSH - Detect
MongoDB Service - Detect
MOVEit Transfer SFTP - Detect
MSMQ (Microsoft Message Queuing Service) Remote - Detect
MySQL - Detect
OpenSSH Service - Detect
PostgreSQL Authentication - Detect
POP3 Protocol - Detect
ProFTPD Server Detect
RabbitMQ Detection
Windows Remote Desktop Protocol - Detect
Redis Service - Detect
Riak Detection
Rpcbind Portmapper - Detect
Rsyncd Service - Detect
RTSP - Detect
SAPRouter Detection
SMTP Service Detection
Dropbear sshd Detection
STARTTLS Mail Server Detection
TeamSpeak 3 ServerQuery Detection
Telnet Detection
Totemomail SMTP Server Detection
VMware Authentication Daemon Detection
VNC Service Detection
Weblogic IIOP Protocol Detection
Weblogic T3 Protocol Detection
Wing FTP Service - Detect
WS_FTP-SSH Service - Detect
Xlight FTP Service Detect
enumeration
Beanstalk Service - Detect
Kafka Topics Enumeration
MongoDB Information - Detect
Niagara Fox Protocol Information Enumeration
PostgreSQL - User Enumeration
smtp
SMTP Commands Enumeration
SMTP User Enumeration
exposures
Cisco Smart Install Endpoints Exposure
Exposed Android Debug Bridge
Docker Daemon Exposed
Redis Server - Unauthenticated Access
Apache ZooKeeper - Unauthenticated Access
honeypot
ADBHoney Honeypot - Detect
ADBHoney Honeypot (shell probe) - Detect
Conpot (Siemens) Honeypot - Detect
Cowrie SSH Honeypot - Detect
Dionaea FTP Honeypot - Detect
Dionaea MQTT Honeypot - Detect
Dionaea MySQL Honeypot - Detect
Dionaea SMB Honeypot - Detect
GasPot Honeypot - Detect
Mailoney Honeypot - Detect
Redis Honeypot - Detect
jarm
c2
Cobalt Strike C2 JARM - Detect
Covenant C2 JARM - Detect
Deimos C2 JARM - Detect
EvilGinx2 JARM - Detect
Generic C2 JARM - Detect
Grat2 C2 JARM - Detect
Havoc C2 Jarm - Detect
MacC2 JARM - Detect
Macshell C2 JARM - Detect
Merlin C2 JARM - Detect
Metasploit C2 JARM - Detect
Mythic C2 JARM - Detect
Posh C2 JARM - Detect
Shad0w C2 JARM - Detect
SILENTTRINITY C2 JARM - Detect
Sliver C2 JARM - Detect
misconfig
Apache Dubbo - Unauthenticated Access
Apache Rocketmq Broker - Unauthenticated Access
ClamAV Server - Unauthenticated Access
ClickHouse - Unauthorized Access
Erlang Port Mapper Daemon
Ganglia XML Grid Monitor
Lantronix XPort 6.10.0.1 - Unauthenticated Access
Memcached stats disclosure
MongoDB - Unauthenticated Access
MySQL - Password Vulnerability
Unauthorized Printer Access
SAPRouter - Routing information leak
TiDB - Password Vulnerability
TiDB - Unauthenticated Access
PostgreSQL - Unauthenticated Access
vulnerabilities
ClockWatch Enterprise - Remote Code Execution
passive
cves
2024
ZenML ZenML Server - Improper Authentication
Change Detection - Server Side Template Injection
Veeam Backup & Replication - Unauthenticated
profiles
alibaba-cloud-config.yml
all.yml
aws-cloud-config.yml
azure-cloud-config.yml
cloud.yml
compliance.yml
cves.yml
default-login.yml
k8s-cluster-security.yml
kev.yml
misconfigurations.yml
osint.yml
pentest.yml
privilege-escalation.yml
recommended.yml
subdomain-takeovers.yml
windows-audit.yml
wordpress.yml
ssl
c2
AsyncRAT C2 - Detect
Bitrat C2 - Detect
Cobalt Strike C2 - Detect
Covenant C2 SSL - Detect
DcRat Server C2 - Detect
Gozi Malware C2 - Detect
Havoc C2 - Detect
IcedID Infrastructure - Detect
Metasploit C2 - Detect
Mythic C2 SSL - Detect
Onimai RAT C2 SSL Certificate - Detect
OrcusRAT - Detect
Posh C2 - Detect
Quasar RAT C2 SSL Certificate - Detect
ShadowPad C2 Infrastructure - Detect
Sliver C2 - Detect
VenomRAT - Detect
Deprecated TLS Detection
Detect SSL Certificate Issuer
Expired SSL Certificate
fortinet
Fortinet FortiAnalyzer Certificate - Detect
Fortinet FortiAuthenticator Certificate - Detect
Fortinet FortiDDoS Certificate - Detect
Fortinet FortiGate Certificate - Detect
Fortinet FortiManager Certificate - Detect
Fortinet FortiWifi Certificate - Detect
Insecure Cipher Suite Detection
Kubernetes Fake Ingress Certificate - Detect
Mismatched SSL Certificate
Revoked SSL Certificate - Detect
Self Signed SSL Certificate
SSL DNS Names
TLS Version - Detect
Untrusted Root Certificate - Detect
Weak Cipher Suites Detection
Wildcard TLS Certificate
workflows
74cms Security Checks
Acrolinx Security Checks
ActiveMQ Security Checks
Adminer Security Checks
Adobe Experience Manager Security Checks
Apache Airflow Security Checks
Ambari Security Checks
Apache workflow
Apereo CAS Security Checks
Apache Apisix Security Checks
Artica Web Proxy Security Checks
Artifactory Security Checks
AvantFAX Security Checks
Aviatrix Controller Security Checks
Axigen Webmail Security Checks
Azkaban Security Checks
Azure Checks
b2evolution CMS Security Checks
F5 BIG-IP Security Checks
Bitrix Security Checks
Bomgar Security Checks
Bullwark Momentum Series Security Checks
Cacti Checks
Centos WebPanel Security Checks
Chamilo LMS Security Checks
Checkpoint Security Checks
Cherokee Security Checks
CirCarLife Security Checks
Cisco ASA Security Checks
Cisco Meraki Security Checks
Agentejo Cockpit Security Checks
Apache Cocoon Security Checks
Adobe ColdFusion Security Checks
Concrete Security Checks
Atlassian Confluence workflow
Dahua Security Checks
DedeCMS Security Checks
Default Web Application Detection
Dell iDRAC Security Checks
Dolibarr Security Checks
DotNetNuke Security Checks
Drupal Security Checks
DuomiCMS Security Checks
Dynamicweb Security Checks
Emby Server Security Checks
eMerge Checks
EpiServer Security Checks
FeiFeiCMS Security Checks
FineReport Security Checks
Fortinet Security Checks
GateOne Security Checks
GeoWebServer Security Checks
Gespage Security Checks
GitLab Security Checks
GitList Security Checks
GLPI Security Checks
GoCD Security Checks
Gogs (Go Git Service) - Security Checks
Google API Token Usage Enumeration
GoPhish Security Checks
Grafana Security Checks
Graphite Security Checks
Grav Security Checks
gSOAP Security Checks
Apache Guacamole Security Checks
H3c IMC Security Checks
Harbor Security Checks
Hikvision Security Checks
SAP Internet Graphics Server (IGS) Security Checks
iTop Security Checks
JBoss Security Checks
Jeedom Security Checks
Jellyfin Security Checks
Jenkins workflow
Jetty Security Checks
Jira Security Checks
Joomla! Security Checks
Kentico CMS Security Checks
KEV Workflow
Keycloak Security Checks
Kibana Security Checks
KindEditor Security Checks
Kong Security Checks
Lanproxy Security Checks
Lansweeper Security Checks
Laravel Security Checks
Liferay Security Checks
Lotus Domino Security Checks
Lucee Detection Workflow
Magento Security Checks
MAGMI Security Checks
Maian Cart Security Checks
MantisBT Security Checks
Mautic CRM Security Checks
Metabase Security Checks
MetInfo Security Checks
Micro Focus Checks
Microsoft Exchange Security Checks
MicroStrategy Security Checks
Mida eFramework Security Checks
MobileIron Security Checks
Moodle Security Checks
Movable Type Security Checks
Nacos Security Checks
NETGEAR Security Checks
Netsweeper Security Checks
Nette Framework Security Checks
Node-RED-Dashboard Security Checks
noVNC Security Checks
OFBiz Security Checks
OpenAM Security Checks
OpenEMR Security Checks
OpenSIS Security Checks
OpenSNS Security Checks
oracle-peoplesoft Security Checks
osCommerce Security Checks
Pandora FMS Security Checks
Pega Security Checks
Pentaho Security Checks
PhpCollab Security Checks
phpmyadmin-workflow
phpPgAdmin Security Checks
phpwiki Security Checks
PowerCreator CMS Security Checks
ProcessMaker Security Checks
Prometheus Security Checks
PRTG Security Checks
Pulse Connect Secure Security Checks
Qcubed Security Checks
R-SeeNet Security Checks
RabbitMQ Security Checks
Rancher Security Checks
rConfig Security Checks
Ricoh Security Checks
Rosario Student Information System (rosariosis) Security Checks
RStudio Security Checks
Ruijie Checks
SaltStack Security Checks
Samsung Wlan AP (WEA453e) Checks
SAP NetWaver Security Checks
SARG Security Checks
SCO Security Checks
SequoiaDB Security Checks
Microsoft Sharepoint Security Checks
ShopXO Security Checks
Sidekiq Security Checks
SiteCore Security Checks
Apache SkyWalking Security Checks
SolarWinds Orion Security Checks
Apache Solr Security Checks
SonarQube Security Checks
SourceBans Security Checks
Splunk Security Checks
Spring Boot Security Checks
SquirrelMail Security Checks
Subrion CMS Security Checks
SugarCRM Security Checks
Symfony Security Checks
SysAid Security Checks
Apache Tapestry Security Checks
TerraMaster Security Checks
Thinfinity VirtualUI Security Checks
ThinkAdmin Security Checks
ThinkCMF Security Checks
ThinkPHP Security Checks
Thruk Security Checks
Tiki Wiki Security Checks
Tomcat Security Checks
TongDa Security Checks
TPshop Security Checks
Traefik Security Checks
Umbraco Security Checks
vBulletin Security Checks
VMware Security Checks
VoipMonitor Security Checks
WebLogic Security Checks
Webmin Security Checks
Websvn Security Checks
Wordpress Security Checks
Worksite Takeover Workflow
Wuzhicms Security Checks
XdCMS Security Checks
Xiuno Security Checks
XXL-JOB Security Checks
YApi Security Checks
Yii Security Checks
Yonyou Ufida NC Security Checks
Zabbix Security Checks
ZCMS Security Checks
ZeroShell Security Checks
Zimbra Security Checks
ZZZCMS Security Checks
Guides
Introduction to Nuclei
RequestBin
Vulnerability Templates