Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2022-01-15
Low
Med.
Low
Med.
Med.
2022-01-13
High
Low
Low
Med.
Med.
Med.
Low
2022-01-12
Med.

The latest CVEs

2022-01-17
CVE-2022-0256
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0257
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0258
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2021-24838
The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
CVE-2021-24909
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue
CVE-2021-25005
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2021-25024
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
CVE-2021-25036
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn??????t have access to. This could ultimately enable users with low-privileged accounts, like subscribers,...
CVE-2021-25037
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site??s database (e.g., usernames and hashed passwords).

Dorks

2022-01-15
Med.
da Grazioli Design - Sql Injection Vulnerability
"Sito web creato da Grazioli Design"
behrouz mansoori
Med.
Web Canvas - Sql Injection Vulnerability
"Web Design by Web Canvas"
behrouz mansoori
2022-01-13
Med.
MARKS DESIGN - Sql Injection Vulnerability
"Designed by MARKS DESIGN"
behrouz mansoori
Med.
EDSA Designs - Sql Injection Vulnerability
"website by EDSA Designs"
behrouz mansoori
2022-01-12
Med.
Agile Web Solutions - Sql Injection Vulnerability
"Developed By Agile Web Solutions"
behrouz mansoori

Copyright 2022, cxsecurity.com

 

Back to Top