BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!

Last Advisories
Tradebox CryptoCurrency - 'symbol' SQL Injection08-04-2019
QNAP Netatalk < 3.1.12 - Authentication Bypass08-04-2019
Download Accelerator Plus (DAP) - SEH Buffer Overflow08-04-2019
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass08-04-2019
ManageEngine ServiceDesk Plus 9.3 - User Enumeration08-04-2019
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation08-04-2019
Manage Engine ServiceDesk Plus 9.3 - Privilege Escalation05-04-2019
AIDA64 Extreme 5.99.4900 - 'Logging' SEH Buffer Overflow05-04-2019
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery05-04-2019
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)05-04-2019
Magic ISO Maker 5.5(build 281) - 'Serial Code' Denial of Service (PoC)04-04-2019
AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow (SEH)04-04-2019
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)04-04-2019
PhreeBooks ERP 5.2.3 - Remote Command Execution03-04-2019
Ashop Shopping Cart Software - SQL Injection03-04-2019
PhreeBooks ERP 5.2.3 - Arbitrary File Upload03-04-2019
AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)03-04-2019
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)03-04-2019
TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)03-04-2019
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion03-04-2019
Clinic Pro v4 - 'month' SQL Injection03-04-2019
iScripts ReserveLogic - SQL Injection03-04-2019
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion03-04-2019
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe03-04-2019
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check03-04-2019
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion03-04-2019
WebKitGTK+ - 'ThreadedCompositor' Race Condition03-04-2019
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free03-04-2019
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion03-04-2019
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)03-04-2019