BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference15-02-2019
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)15-02-2019
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)15-02-2019
Jinja2 2.10 - 'from_string' Server Side Template Injection15-02-2019
VSCO 1.1.1.0 - Denial of Service (PoC)15-02-2019
qdPM 9.1 - 'search_by_extrafields' SQL Injection15-02-2019
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery15-02-2019
AirMore 1.6.1 - Denial of Service (PoC)15-02-2019
DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting14-02-2019
Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)14-02-2019
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)14-02-2019
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting14-02-2019
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting14-02-2019
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection14-02-2019
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting14-02-2019
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)14-02-2019
exacqVision ESM 5.12.2 - Privilege Escalation14-02-2019
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)14-02-2019
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting14-02-2019
Apple macOS 10.13.5 - Local Privilege Escalation13-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)13-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)13-02-2019
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)13-02-2019
PilusCart 1.4.1 - 'send' SQL Injection13-02-2019
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting13-02-2019
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)13-02-2019
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting13-02-2019
OPNsense < 19.1.1 - Cross-Site Scripting12-02-2019