Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-05-28
Low
Webkul Qloapps 1.5.2 Cross Site Scripting CVE-2023-30256
Astik Rawat
High
GetSimple CMS 3.3.16 Shell Upload CVE-2022-41544
Youssef Muhammad
Med.
JetSınav SQL Injection + Default Password Vulnerability
BQX
Low
SCM Manager 1.60 Cross Site Scripting CVE-2023-33829
neg0x
Med.
Screen SFT DAB 600/C Authentication Bypass Admin Password Change
LiquidWorm
Low
TinyWebGallery v2.5 Remote Code Execution (RCE)
Mirabbas Ağalarov
2023-05-27
High
Yank Note 3.52.1 Arbitrary Code Execution CVE-2023-31874
8bitsec
Med.
Stackposts Social Marketing Tool v1.0 SQL Injection
Ahmet Ümit BAYRAM
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
Ege Balci
Med.
Ulicms 2023.1 Create Administrator
Mirabbas Agalarov
Low
Zenphoto 1.6 Cross Site Scripting
Mirabbas Agalarov
High
Laravel 10.11 Database Disclosure / Information Disclosure
indoushka
Low
WBCE CMS 1.6.1 Cross Site Scripting
Mirabbas Agalarov

The latest CVEs

2023-05-29
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2954
Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master.
CVE-2023-2955
A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2023-29380
Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
CVE-2023-31874
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
CVE-2022-33974
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
CVE-2022-45372
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
CVE-2023-28153
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.

Dorks

2023-05-28
Med.
JetSınav SQL Injection + Default Password Vulnerability
allintext:"Powered by Jetsınav"
 BQX
Low
SCM Manager 1.60 Cross Site Scripting( CVE-2023-33829 )
intitle:"SCM Manager" intext:1.60
 neg0x
2023-05-21
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery( CVE-2015-5698 )
inurl:/Portal/Portal.mwsl
 RoseSecurity
2023-04-25
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection( CVE-2023-1671 )
title:"Sophos Web Appliance"
 Behnam Abasi Vanda
2023-04-23
Med.
Bluesoft Infotech - Sql Injection Vulnerability
"Designed by Bluesoft Infotech"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top