Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-09-18
Med.
Microsoft Windows TOCTOU Local Privilege Escalation CVE-2024-30088
jheysel-r7
Med.
OVAS - PHP (by: oretnom23 ) v1.0 Multiple-SQLi
nu11secur1ty
Med.
Microsoft SQL Server Masked Data Exposure
Emad Al-Mousa
Med.
Cab Management System-1.0 Multiple-SQLi
nu11secur1ty
Med.
Backdoor.Win32.CCInvader.10 / Authentication Bypass
malvuln
Med.
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
malvuln
Med.
Backdoor.Win32.Delf.yj / Information Disclosure
malvuln
2024-09-16
High
MPlayer Lite r33064 Buffer Overflow
h1ch4m
Low
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
Valentin Lobstein
Low
SFTRS - PHP (by: oretnom23 ) v1.0 Multiple-SQLi
nu11secur1ty
2024-09-12
Med.
TENANT-LIMITED-1.0-©-2024-Tenant-Management-System-Software Multiple-SQLi
nu11secur1ty
2024-09-10
Med.
C-MOR Video Surveillance 5.2401 Path Traversal CVE-2024-45178
Matthias Deeg
Med.
C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection CVE-2024-45174
Matthias Deeg

The latest CVEs

Dorks

2024-09-19
CVE-2024-8354
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.
CVE-2024-8986
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the f...
CVE-2024-46946
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).
CVE-2024-47085
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters ??cCdslClicentcode? and ??cLdClientCode? in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to oth...
CVE-2024-47086
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnera...
CVE-2024-47087
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
CVE-2024-47088
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.
CVE-2024-47089
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
CVE-2024-45769
A vulnerability was found in Performance Co-Pilot (PCP).  This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
CVE-2024-45770
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
2024-08-08
Low
WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated)( CVE-2022-2941 )
inurl:/wp-content/plugins/wp-useronline/
 Onur Göğebakan
2024-07-24
Med.
SRDB Wordpres Replace Title( Multiple CVE )
Search-Replace-DB-master
 Demon King
Med.
Designed by Winzone Softech" Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
 Xplo5ionS
2024-07-22
Med.
Technocracy Softwares Pvt. Ltd Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
 Xplo5ionS
2024-07-15
Med.
lajeh - SQL Injection vulnerability
"Powered by lajeh"
 Mahdi Karimi
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top