Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-03-30
Low
rukovoditel 3.2.1 Cross Site Scripting
nu11secur1ty
High
iBooking 1.0.8 Remote Shell Upload
d1z1n370
Low
ReQlogic 11.3 Cross Site Scripting
Okan Kurtulus
Med.
WebTareas 2.4 SQL Injection (Unauthorised)
Hubert Wojciechowski
Med.
RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529
hyp3rlinx
Low
Eve-ng 5.0.1-13 Stored Cross-Site Scripting (XSS)
@casp3r0x0
Med.
Router ZTE-H108NS Authentication Bypass
George Tsimpidas
2023-03-27
High
Owlfiles File Manager 12.0.1 Multiple Vulnerabilities
Chokri Hammedi
Low
Rental House Management System - Reflected Cross-Site Scripting (XSS)
İsmail Can DURNA
High
MODX Revolution v2.8.3-pl Authenticated Remote Code Execution CVE-2022-26149
Sarang Tumne @CyberInsane ...
High
Explorer32++ 1.3.5.531 Buffer Overflow
Rafael Pedrero
Med.
Scdbg 1.0 Buffer overflow DoS
Rafael Pedrero
Med.
Sysax Multi Server 6.95 Password Denial of Service (PoC)
Luis Martinez

The latest CVEs

2023-04-01
CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
CVE-2023-1784
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerabilit...
CVE-2023-1785
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.
CVE-2023-26858
SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.
CVE-2023-27162
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
2023-03-31
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The caus...
CVE-2023-23594
An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.
CVE-2023-26925
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Dorks

2023-03-09
Med.
WordPress Real Estate 7 Theme <= 3.3.4 - Abuse of Functionality
inurl:/wp-content/themes/realestate-7/
 FearZzZz
2023-03-08
Med.
WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection( CVE-2023-25790 )
inurl:/wp-content/themes/woodmart/
 FearZzZz
2023-03-05
Low
WordPress Real Estate 7 Theme <= 3.3.4 - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
inurl:/wp-content/themes/realestate-7/
 FearZzZz
Low
WordPress Real Estate 7 Theme <= 3.3.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
inurl:/wp-content/themes/realestate-7/
 FearZzZz
Low
WordPress WoodMart Theme <= 7.1.1 - Theme License Options Change via CSRF
inurl:/wp-content/themes/woodmart/
 FearZzZz
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top