The latest CVEs

2024-02-24
CVE-2024-1810
The Archivist - Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in ...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. S...
CVE-2024-22988
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
CVE-2024-24681
Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents.
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2024-26188
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-26192
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-22395
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
2024-02-23
CVE-2024-21423
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Dorks

2024-02-25
Med.
Axiomatic - Sql Injection
"Design by Axiomatic.it"
behrouz mansoori
Med.
Stealth Media Ltd - Blind Sql Injection
"Website Designed & Developed By Stealth Media Ltd."
behrouz mansoori
Med.
Agencia NUBA - Blind Sql Injection
"Diseño y Programación Agencia NUBA"
behrouz mansoori
2024-02-20
Med.
Ticico - Blind SQL Injection
inurl:"adminco" intext:"yetkili"
Gaddar
2024-02-11
Med.
iCT Sky SQL Injection
intext:"IT Partner iCT Sky"
MrHoudini

Copyright 2024, cxsecurity.com

 
