BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
phpFileManager 1.7.8 - Local File Inclusion02-04-2019
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery02-04-2019
CMS Made Simple < 2.2.10 - SQL Injection02-04-2019
LimeSurvey < 3.16 - Remote Code Execution02-04-2019
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering02-04-2019
Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting02-04-2019
Inout RealEstate - 'city' SQL Injection02-04-2019
AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow02-04-2019
Inout EasyRooms - SQL Injection02-04-2019
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting29-03-2019
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion28-03-2019
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion28-03-2019
gnutls 3.6.6 - 'verify_crt()' Use-After-Free28-03-2019
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection28-03-2019
Fat Free CRM 0.19.0 - HTML Injection28-03-2019
Airbnb Clone Script - Multiple SQL Injection28-03-2019
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)28-03-2019
BigTree 4.3.4 CMS - Multiple SQL Injection28-03-2019
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)28-03-2019
Job Portal 3.1 - 'job_submit' SQL Injection28-03-2019
i-doit 1.12 - 'qr.php' Cross-Site Scripting28-03-2019
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion28-03-2019
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service28-03-2019
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)28-03-2019
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection27-03-2019
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow26-03-2019
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection26-03-2019
XooDigital - 'p' SQL Injection26-03-2019
SJS Simple Job Script - SQL Injection / Cross-Site Scripting26-03-2019
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion26-03-2019