BugSearch is an information portal focused on application security, both web-oriented and not. We relay security alerts found on the net to our registered users, in order to warn them as soon as possible about bugs, system flaws, exploits and threats affecting applications, and about possible patches.

Register now to start receiving our security alerts for your favourite applications, or try our new Android App, which will keep you updated wherever you are!


Latest Advisories
phpBB 3.2.3 - Remote Code Execution | 12-12-2019
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) | 25-10-2019
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery | 01-08-2019
Ultimate Loan Manager 2.0 - Cross-Site Scripting | 01-08-2019
WebIncorp ERP - SQL injection | 01-08-2019
Oracle Hyperion Planning 11.1.2.3 - XML External Entity | 31-07-2019
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles | 30-07-2019
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances | 30-07-2019
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References | 30-07-2019
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects | 30-07-2019
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded | 30-07-2019
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit) | 30-07-2019
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 | 30-07-2019
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming | 30-07-2019
GigToDo 1.3 - Cross-Site Scripting | 29-07-2019
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) | 29-07-2019
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery | 29-07-2019
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting | 29-07-2019
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit) | 29-07-2019
pdfresurrect 0.15 - Buffer Overflow | 26-07-2019
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution | 26-07-2019
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit) | 26-07-2019
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection | 26-07-2019
Moodle Filepicker 3.5.2 - Server Side Request Forgery | 26-07-2019
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation | 26-07-2019
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads | 25-07-2019
Ovidentia 8.4.3 - SQL Injection | 25-07-2019
Ovidentia 8.4.3 - Cross-Site Scripting | 25-07-2019
Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read | 24-07-2019
Trend Micro Deep Discovery Inspector IDS - Security Bypass | 24-07-2019