28 POSTS · CVE
DATE CAT TITLE TARGET CVSS
2026 · 1
17-01 CVE GHSA-38cw-85xc-xr9x Veramo Data Store ORM SQL Injection Veramo 6.8 2024 · 7
03-02 CVE CVE-2023-41283 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection QNAP 7.2 03-02 CVE CVE-2023-39302 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection QNAP 7.2 03-02 CVE CVE-2023-39303 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x Improper Authentication QNAP 5.3 03-02 CVE CVE-2023-41282 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection QNAP 7.2 03-02 CVE CVE-2023-41281 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection QNAP 7.2 03-02 CVE CVE-2023-39297 - QTS 5.1.x, 4.5.x; QuTS hero h5.1.x, h4.5.x; QuTScloud 5.x OS Command Injection QNAP 8.8 06-01 CVE CVE-2023-39294 - QTS 5.1.x, QuTS hero h5.1.x OS Command Injection QNAP 7.2 2023 · 6
10-11 CVE CVE-2023-41285 - QNAP Qumagie < 2.1.4 SQL Injection QNAP 8.8 10-11 CVE CVE-2023-41284 - QNAP Qumagie < 2.1.4 SQL Injection QNAP 8.8 10-11 CVE CVE-2023-39295 - QNAP Qumagie < 2.1.3 OS command injection QNAP 8.8 27-04 CVE CVE-2023-2338 - Pimcore SQL Injection in AssetController Pimcore 8.8 27-04 CVE CVE-2023-2336 - Pimcore Path Traversal in Asset "import from server" option Pimcore 6.5 13-04 CVE CVE-2023-29506 - XWIKI RXSS with authenticate endpoints XWIKI 6.1 2022 · 5
13-12 CVE CVE-2022-46391 - Awstats hostinfo reflected XSS Awstats 6.1 22-11 CVE CVE-2022-45152 - Moodle Blind SSRF in LTI provider library Moodle 4.5 13-08 CVE CVE-2022-3967 - VestaCP func/main.sh argument injection VestaCP 7.8 18-07 CVE CVE-2022-35651 - Moodle Stored XSS and blind SSRF possible via SCORM track Moodle 6.1 15-02 CVE CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE ImpressCMS 9.8 2021 · 1
07-12 CVE CVE-2020-36474 - Vanilla SSRF Vanilla 9.8
CONTACT
rekter0
PROFESSIONAL SLOPPER
Application security research. vulnerability disclosure, and the occasional pre-auth RCE chain.
28 CVE 7 EXPLOIT 14 POST