CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2023-09-21
Low	Pegasus X DLL hijacking CVE-2023-41064 E1.CODERS
2023-09-20
Med.	Academy LMS 6.2 SQL Injection CVE-2023-4974 CraCkEr
Low	SFTP/FTP Password Exposure via sftp-config.json Multiple CVE Mr.Fn4ticHz
High	Atos Unify OpenScape Code Execution / Missing Authentication Multiple CVE Armin Weihbold
High	Lexmark Device Embedded Web Server Remote Code Execution Multiple CVE jheysel-r7
Med.	WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Multiple CVE Marco Wotschka
Med.	Taskhub 2.8.7 SQL Injection CVE-2023-4987 CraCkEr
Med.	Windows Common Log File System Driver (clfs.sys) Privilege Escalation CVE-2023-28252 Ricardo Narvaja
High	Super Store Finder 3.7 Remote Command Execution Etharus
Low	WordPress Theme My Login 2FA Brute Force Joost Grunwald
2023-09-18
High	WinRAR Remote Code Execution CVE-2023-38831 Alexander Hagenah
Med.	Conception & Réalisation MGSD - Blind Sql Injection Vulnerability behrouz mansoori
Low	Night Club Booking Software 1.0 Cross Site Scripting nu11secur1ty

The latest CVEs

2023-09-22
CVE-2023-42261	Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.
CVE-2023-41614	A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
CVE-2023-41616	A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload.
CVE-2023-43128	D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.
CVE-2023-4504	Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
CVE-2023-5068	Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.
CVE-2023-34576	SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.
CVE-2023-42482	Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.
CVE-2023-38343	An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
CVE-2023-38344	An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a ...

Dorks

2023-09-20
Low	SFTP/FTP Password Exposure via sftp-config.json( Multiple CVE ) inurl:/.vscode/sftp-config.json	Mr.Fn4ticHz
High	Super Store Finder 3.7 Remote Command Execution "designed and built by Joe Iz."	Etharus
2023-09-18
Med.	Conception & Réalisation MGSD - Blind Sql Injection Vulnerability "Conception & Réalisation MGSD"	behrouz mansoori
Med.	SNDK Technologies - Blind Sql Injection "Designed by SNDK Technologies Pvt. Ltd."	behrouz mansoori
Med.	CMS united - Blind Sql Injection "Powered by CMS united"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2023-09-21

Low

2023-09-20

Med.

Low

High

High

Med.

Med.

Med.

High

Low

2023-09-18

High

Med.

Low

The latest CVEs

2023-09-22

Dorks

2023-09-20

Low

High

2023-09-18

Med.

Med.

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations