Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-10-13
Med.
Med.
Med.
2024-10-12
Med.
Med.
High
Med.
2024-10-08
Med.
2024-10-07
Low
Med.
Med.
Med.
Low

The latest CVEs

Dorks

2024-10-15
CVE-2024-5749
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.
CVE-2024-35584
SQL injection vulnerability in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1, 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For"...
CVE-2024-41344
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.
CVE-2024-47779
Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist....
CVE-2024-47824
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by ...
CVE-2024-47874
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down signi...
CVE-2024-47876
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.
CVE-2024-48622
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
CVE-2024-48623
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
CVE-2024-48624
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.
2024-10-12
Med.
BALC Media - Blind Sql Injection Vulnerability
"Developed by BALC Media"
behrouz mansoori
2024-10-08
Med.
PHP-Nuke Top Module SQL Injection
intext: Powered by PHP-Nuke
Emiliano Febbi
2024-10-07
Med.
Online Complete - Blind Sql Injection Vulnerability
"Powered by Online Complete to"
behrouz mansoori
2024-10-05
High
MD-Pro 1.0.76 Shell Upload / SQL Injection
intext: Powered by MD-Pro
Emiliano Febbi
2024-09-30
Med.
krishna Tech - Sql Injection
"Website Developed By krishna Tech"
behrouz mansoori

Copyright 2024, cxsecurity.com

 

Back to Top