Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2019/09/02 12:0 a.m.311 views

Alkacon OpenCMS 10.5.x Local File Inclusion

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...

4CVSS4.6AI score0.07346EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/09/02 12:0 a.m.311 views

Alkacon OpenCMS 10.5.x Cross Site Scripting

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...

4.3CVSS6.2AI score0.02904EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.311 views

Simple E-Document 1.31 SQL Injection

Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2013/03/01 12:0 a.m.311 views

PHP-Fusion 7.02.05 XSS / LFI / SQL Injection

waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/01/29 12:0 a.m.310 views

OpenPanel 0.3.4 Directory Traversal

OpenPanel version 0.3.4 suffers from multiple directory traversal vulnerabilities. Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...

7.5AI score0.03148EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.310 views

3DSecure 2.0 3DS Authorization Method Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/03 12:0 a.m.310 views

Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure

Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Credit: Gionathan Armando Reale...

7.4AI score0.00171EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/06/03 12:0 a.m.310 views

Serendipity 2.5.0 Remote Code Execution

Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/29 12:0 a.m.310 views

Chrome 121 Javascript Fork Malloc Bomb

Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and about one in five runs the virtual machine freezes. SIGILL almost always is a sign of memory corruption : On android it...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/13 12:0 a.m.310 views

ProSSHD 1.2 20090726 Denial Of Service

!/usr/bin/perl use Net::SSH2 Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: https://prosshd.com/ Notification vendor: No reported Tested Version: ProSSHD 1.2 20090726 Tested on: Window XP Professional -...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.310 views

PHPJabbers Hotel Booking System 4.0 CSV Injection

Exploit Title: PHPJabbers Hotel Booking System v4.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/hotel-booking-system/sectionDemo Version: v4.0 Tested on: Windows...

7.4AI score0.00556EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/08 12:0 a.m.310 views

GOM Player 2.3.90.5360 Buffer Overflow

Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.310 views

Humhub 1.3.13 Shell Upload

==================================================================================================================================== | Title : Humhub v1.3.13 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/16 12:0 a.m.310 views

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.310 views

e-Biz Technocrats Pvt.Ltd SQL Injection

Exploit Title: Sql Injection on one site credentials can be use on other sites - Google Dork:" Designed and Developed by e-Biz Technocrats Pvt.Ltd " - Date: 05/11/2023 - Exploit Author: K1LL3rB4LL - Tested on: Mac, Windows, Linux Description: The vulnerability found is an SQL injection. You may r...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.310 views

Roxy WI 6.1.0.0 Remote Command Execution

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS7.1AI score0.90387EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/01/11 12:0 a.m.310 views

Tiki Wiki CMS Groupware 25.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
Packet Storm
Packet Storm
added 2022/11/17 12:0 a.m.310 views

Gitea Git Fetch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...

7.5CVSS0.1AI score0.87678EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/09/09 12:0 a.m.310 views

Sagemath 9.0 Overflow / Denial Of Service

sagemath 9.0 and reportedly later on ubuntu 20. sagemath gives access to the python interpreter, so code execution is trivial. We give DoS attacks, which terminates the sagemath process with abort, when raising symbolic expression to large integer power. We get abort with stack: gmp: overflow in...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/21 12:0 a.m.310 views

CodoForum 5.1 Remote Code Execution

Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...

7.2CVSS7AI score0.32233EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/14 12:0 a.m.310 views

Online Car Wash Booking System 1.0 Blind SQL Injection

Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection Exploit Author: segf0lt Date: April 14, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.310 views

qdPM 9.2 Cross Site Request Forgery

Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...

0.7AI score0.0375EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.310 views

Plastic SCM 10.0.16.5622 Insecure Direct Object Reference

Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...

5CVSS7.6AI score0.08939EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/04 12:0 a.m.310 views

Textpattern CMS 4.8.3 Remote Code Execution

Exploit Title: Textpattern 4.8.3 - Remote code execution Authenticated 2 Date: 03/03/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/09 12:0 a.m.310 views

Trojan.Win32.Cafelom.bu Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/146ce177ab03b8f62a9fc6e7bbf40dc1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Cafelom.bu Vulnerability: Heap Corruption Description: This malware drops two executabl...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/08 12:0 a.m.310 views

Cockpit 234 Server-Side Request Forgery

Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/17 12:0 a.m.310 views

WordPress Simple Social Buttons 3.1.1 Cross Site Scripting

The WordPress plugin Simple Social Buttons version 3.1.1 a.k.a. Simple Social Media Share Buttons suffers from a reflected cross-site scripting vulnerability found by Mr.F. It was fixed in version 3.2.0: https://wordpress.org/plugins/simple-social-buttons/developers HTML POC: xss poc...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/02 12:0 a.m.310 views

MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...

0.1AI score0.01707EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.310 views

FileRun 2019.05.21 Cross Site Scripting

Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting Date: 2019-07-01 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.filerun.com/ Software Link: https://filerun.com/download Version: v2019.05.21 Tested on: Windows/Linux CVE: CVE-2019-12905 CVE-2019-12905...

4.3CVSS0.1AI score0.03605EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/06/04 12:0 a.m.310 views

Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection

!/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: 2.5.18103 2.0 1.0 Summary: CAYIN xPost is the web-based application software, which offers a combinatio...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/08 12:0 a.m.310 views

Nextcloud 17 Cross Site Request Forgery

Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 Nextcloud offers the industry-leading, on-premises content collaboration platfor...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/03 12:0 a.m.310 views

Cisco Email Security Virtual Appliance C600V IronPort Header Injection

!/usr/bin/perl -w Cisco Email Security Virtual Appliance C600V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/03 12:0 a.m.310 views

Cisco Email Security Virtual Appliance C370 IronPort Header Injection

!/usr/bin/perl -w Cisco Email Security Virtual Appliance C370 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.310 views

DomainMOD 4.11.01 Cross Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-09 Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19136 A Reflected Cross-site scripti...

6.6AI score0.06653EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/02/07 12:0 a.m.310 views

Adobe Coldfusion 11.0.03.292866 Remote Code Execution

Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...

7.5CVSS9.2AI score0.90597EPSS
Exploits6
Packet Storm
Packet Storm
added 2017/03/14 12:0 a.m.310 views

Apache Struts Jakarta Multipart Parser OGNL Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...

0.7AI score0.99999EPSS
Exploits44
Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.309 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.309 views

Vaidya-Mitra 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.309 views

SPIP BigUp 4.2.15 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.2.15 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

Microsoft Word UNC Path Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

Magento XXE Unserialize Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Magento XXE Unserialize Arbitrary File Read', 'Description' = %q This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which...

9.8CVSS7.2AI score0.99994EPSS
Exploits26
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

CouchDB Enum Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This module enumerates databases on CouchDB using the REST API without authentication by default. ,...

10CVSS6.9AI score0.99838EPSS
Exploits21
Packet Storm
Packet Storm
added 2024/08/21 12:0 a.m.309 views

Cab Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : cab management system 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.309 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.19...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/12 12:0 a.m.309 views

Lost And Found Information System 1.0 Insecure Direct Object Reference

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

7.1AI score0.01264EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/25 12:0 a.m.309 views

Grawlix CMS 1.1.1 Cross Site Scripting

============================================================================================================================ | Title : Grawlix Cms v1.1.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://getgrawlix.com/ | | Dork : Powered by Th...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.309 views

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

8.8CVSS7.1AI score0.85825EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.309 views

P2S CMS 0.1 Cross Site Scripting

==================================================================================================================================== | Title : P2s-cms v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.309 views

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...

7.1AI score0.00735EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.309 views

FusionInvoice 2023-1.0 Cross Site Scripting

Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...

7.1AI score0.02246EPSS
Exploits4
Total number of security vulnerabilities5000