BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers18-02-2019
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting18-02-2019
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)18-02-2019
M/Monit 3.7.2 - Privilege Escalation18-02-2019
qdPM 9.1 - 'type' Cross-Site Scripting18-02-2019
Master IP CAM 01 3.3.4.2103 - Remote Command Execution18-02-2019
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)18-02-2019
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload15-02-2019
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)15-02-2019
AirMore 1.6.1 - Denial of Service (PoC)15-02-2019
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery15-02-2019
VSCO 1.1.1.0 - Denial of Service (PoC)15-02-2019
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)15-02-2019
Jinja2 2.10 - 'from_string' Server Side Template Injection15-02-2019
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference15-02-2019
qdPM 9.1 - 'search_by_extrafields' SQL Injection15-02-2019
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting14-02-2019
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)14-02-2019
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting14-02-2019
DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting14-02-2019
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)14-02-2019
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting14-02-2019
Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)14-02-2019
exacqVision ESM 5.12.2 - Privilege Escalation14-02-2019
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection14-02-2019
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting14-02-2019
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)14-02-2019
Apple macOS 10.13.5 - Local Privilege Escalation13-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)13-02-2019
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)13-02-2019