BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process26-04-2019
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting26-04-2019
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)26-04-2019
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)25-04-2019
Backup Key Recovery 2.2.4 - Denial of Service (PoC)25-04-2019
HeidiSQL 10.1.0.5464 - Denial of Service (PoC)25-04-2019
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting25-04-2019
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion25-04-2019
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)25-04-2019
JioFi 4G M2S 1.0.2 - Denial of Service25-04-2019
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)25-04-2019
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)24-04-2019
Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow24-04-2019
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation24-04-2019
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition23-04-2019
Linux - 'page->_refcount' Overflow via FUSE23-04-2019
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit23-04-2019
Ross Video DashBoard 8.5.1 - Insecure Permissions23-04-2019
LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)22-04-2019
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion22-04-2019
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service22-04-2019
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)22-04-2019
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)22-04-2019
Msvod 10 - Cross-Site Request Forgery (Change User Information)22-04-2019
Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)22-04-2019
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)22-04-2019
ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)22-04-2019
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting22-04-2019
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal19-04-2019
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)19-04-2019