CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-10-13
Med.	VICIdial 2.14-917a SQL Injection CVE-2024-8503 Jaggar Henry
Med.	WordPress LMS 4.2.7 SQL Injection CVE-2024-8522 Avento
Med.	Netman 204 4.05 SQL Injection / Unauthenticated Password Reset Multiple CVE T. Weber
2024-10-12
Med.	BALC Media - Blind Sql Injection Vulnerability behrouz mansoori
Med.	ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control LiquidWorm
High	ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution LiquidWorm
Med.	ABB Cylon Aspect 3.07.02 user.properties Default Credentials LiquidWorm
2024-10-08
Med.	PHP-Nuke Top Module SQL Injection Emiliano Febbi
2024-10-07
Low	Acronis Cyber Infrastructure Default Password Remote Code Execution h00die-gr3y
Med.	Online Complete - Blind Sql Injection Vulnerability behrouz mansoori
Med.	MSI RTCore64.sys Privilege escalation CVE-2019-16098 NSA
Med.	SCRMS 2024-10-07 Multiple-SQLi nu11secur1ty
Low	Book Recording App 2024-09-24 Cross Site Scripting Arif Ari

Dorks

2024-10-15
CVE-2024-5749	Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.
CVE-2024-35584	SQL injection vulnerability in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1, 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For"...
CVE-2024-41344	A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.
CVE-2024-47779	Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist....
CVE-2024-47824	matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by ...
CVE-2024-47874	Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down signi...
CVE-2024-47876	Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.
CVE-2024-48622	A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
CVE-2024-48623	In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
CVE-2024-48624	In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.

2024-10-12
Med.	BALC Media - Blind Sql Injection Vulnerability "Developed by BALC Media"	behrouz mansoori
2024-10-08
Med.	PHP-Nuke Top Module SQL Injection intext: Powered by PHP-Nuke	Emiliano Febbi
2024-10-07
Med.	Online Complete - Blind Sql Injection Vulnerability "Powered by Online Complete to"	behrouz mansoori
2024-10-05
High	MD-Pro 1.0.76 Shell Upload / SQL Injection intext: Powered by MD-Pro	Emiliano Febbi
2024-09-30
Med.	krishna Tech - Sql Injection "Website Developed By krishna Tech"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-10-13

Med.

Med.

Med.

2024-10-12

Med.

Med.

High

Med.

2024-10-08

Med.

2024-10-07

Low

Med.

Med.

Med.

Low

The latest CVEs

2024-10-15

Dorks

2024-10-12

Med.

2024-10-08

Med.

2024-10-07

Med.

2024-10-05

High

2024-09-30

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations