Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-09-10
Med.
Med.
High
2024-09-08
Med.
High
Med.
Med.
Low
High
Low
Med.
High
2024-09-03
Med.

The latest CVEs

Dorks

2024-09-11
CVE-2024-45786
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users.
CVE-2024-45787
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive informatio...
CVE-2024-45788
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
CVE-2024-45789
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ??mode?? parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application. Successful exploitation of this ...
CVE-2024-5416
The Elementor Website Builder ?? More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac...
CVE-2024-7609
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8.
CVE-2024-45790
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user ac...
CVE-2024-6091
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, ...
CVE-2024-45327
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauth...
2024-08-08
Low
WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated)( CVE-2022-2941 )
inurl:/wp-content/plugins/wp-useronline/
Onur Göğebakan
2024-07-24
Med.
SRDB Wordpres Replace Title( Multiple CVE )
Search-Replace-DB-master
Demon King
Med.
Designed by Winzone Softech" Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
Xplo5ionS
2024-07-22
Med.
Technocracy Softwares Pvt. Ltd Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
Xplo5ionS
2024-07-15
Med.
lajeh - SQL Injection vulnerability
"Powered by lajeh"
Mahdi Karimi

Copyright 2024, cxsecurity.com

 

Back to Top