Welcome to cxsecurity. enjoy


The latest CVEs

2023-05-29
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2954
Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master.
CVE-2023-2955
A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2023-29380
Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
CVE-2023-31874
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
CVE-2022-33974
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
CVE-2022-45372
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
CVE-2023-28153
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.

Dorks

2023-05-28
Med.
JetSınav SQL Injection + Default Password Vulnerability
allintext:"Powered by Jetsınav"
BQX
Low
SCM Manager 1.60 Cross Site Scripting (CVE-2023-33829)
intitle:"SCM Manager" intext:1.60
neg0x
2023-05-21
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery (CVE-2015-5698)
inurl:/Portal/Portal.mwsl
RoseSecurity
2023-04-25
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection (CVE-2023-1671)
title:"Sophos Web Appliance"
Behnam Abasi Vanda
2023-04-23
Med.
Bluesoft Infotech - Sql Injection Vulnerability
"Designed by Bluesoft Infotech"
behrouz mansoori

Copyright 2023, cxsecurity.com

 
