Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-06-02
Med.
Trend Micro OfficeScan Client 10.0 ACL Service LPE
msd0pe
High
Acelle Email Marketing 3.0.15 Arbitrary File Upload
indoushka
Low
Inlislite 3.1 Insecure Settings
indoushka
2023-05-30
Med.
PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass
Nadeem Salim
High
Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow Multiple CVE
CyberIntel Team
High
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens Multiple CVE
Fabian Densborn
High
Widevine Trustlet 5.x drm_save_keys Buffer Overflow Multiple CVE
CyberIntel Team
2023-05-28
Low
Webkul Qloapps 1.5.2 Cross Site Scripting CVE-2023-30256
Astik Rawat
High
GetSimple CMS 3.3.16 Shell Upload CVE-2022-41544
Youssef Muhammad
Med.
JetSınav SQL Injection + Default Password Vulnerability
BQX
Low
SCM Manager 1.60 Cross Site Scripting CVE-2023-33829
neg0x
Med.
Screen SFT DAB 600/C Authentication Bypass Admin Password Change
LiquidWorm
Low
TinyWebGallery v2.5 Remote Code Execution (RCE)
Mirabbas Ağalarov

The latest CVEs

2023-06-04
CVE-2023-3094
A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be ...
CVE-2023-3091
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high....
2023-06-03
CVE-2023-32582
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.
CVE-2023-3086
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3084
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3085
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiat...
CVE-2023-2298
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary ...
CVE-2023-2299
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthentica...
CVE-2023-2300
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above,...
CVE-2023-2301
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a f...

Dorks

2023-05-28
Med.
JetSınav SQL Injection + Default Password Vulnerability
allintext:"Powered by Jetsınav"
 BQX
Low
SCM Manager 1.60 Cross Site Scripting( CVE-2023-33829 )
intitle:"SCM Manager" intext:1.60
 neg0x
2023-05-21
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery( CVE-2015-5698 )
inurl:/Portal/Portal.mwsl
 RoseSecurity
2023-04-25
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection( CVE-2023-1671 )
title:"Sophos Web Appliance"
 Behnam Abasi Vanda
2023-04-23
Med.
Bluesoft Infotech - Sql Injection Vulnerability
"Designed by Bluesoft Infotech"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top