BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free23-05-2019
Terminal Services Manager 3.2.1 - Denial of Service23-05-2019
Microsoft Windows 10 (17763.379) - Install DLL23-05-2019
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)23-05-2019
Horde Webmail 5.2.22 - Multiple Vulnerabilities22-05-2019
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)22-05-2019
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)22-05-2019
Carel pCOWeb < B1.2.1 - Cross-Site Scripting22-05-2019
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions22-05-2019
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)22-05-2019
Microsoft Internet Explorer 11 - Sandbox Escape22-05-2019
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting22-05-2019
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation22-05-2019
Carel pCOWeb < B1.2.1 - Credentials Disclosure22-05-2019
BlueStacks 4.80.0.1060 - Denial of Service (PoC)22-05-2019
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)22-05-2019
Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation22-05-2019
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting22-05-2019
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register21-05-2019
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)21-05-2019
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection21-05-2019
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities21-05-2019
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl21-05-2019
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free21-05-2019
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized21-05-2019
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free21-05-2019
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting21-05-2019
Deluge 1.3.15 - 'URL' Denial of Service (PoC)21-05-2019
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution21-05-2019
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting21-05-2019