BugSearch is an information portal focused on applications security, web oriented and not. We offer our services to disclose our registered users on security alerts found on the net, in order to warn them as soon as possible on bugs, system flaws, exploits and threats afflicting applications and possible patches.

New Feature: Post New Exploit

Register now to start receiving our security alerts of your favourite applications or try our new Android App which will keep you updated everywhere you are!


Last Advisories
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe03-04-2019
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion03-04-2019
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check03-04-2019
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion03-04-2019
WebKitGTK+ - 'ThreadedCompositor' Race Condition03-04-2019
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)03-04-2019
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion03-04-2019
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free03-04-2019
Inout RealEstate - 'city' SQL Injection02-04-2019
AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow02-04-2019
CMS Made Simple < 2.2.10 - SQL Injection02-04-2019
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery02-04-2019
LimeSurvey < 3.16 - Remote Code Execution02-04-2019
Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting02-04-2019
Inout EasyRooms - SQL Injection02-04-2019
phpFileManager 1.7.8 - Local File Inclusion02-04-2019
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering02-04-2019
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting29-03-2019
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion28-03-2019
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion28-03-2019
Fat Free CRM 0.19.0 - HTML Injection28-03-2019
Job Portal 3.1 - 'job_submit' SQL Injection28-03-2019
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service28-03-2019
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion28-03-2019
gnutls 3.6.6 - 'verify_crt()' Use-After-Free28-03-2019
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)28-03-2019
Airbnb Clone Script - Multiple SQL Injection28-03-2019
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)28-03-2019
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection28-03-2019
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)28-03-2019