Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-09-24
High
Elasticsearch 8.5.3 Stack Overflow CVE-2023-31419
Touhami Kasbaoui
High
TOTOLINK Wireless Routers Remote Command Execution
h00die-gr3y
Med.
PHP Type Confusion Vulnerability Leading to Administrator Account Takeover via Authentication Bypass CVE-2023-43154
Ally Petitt
Low
Taskhub 2.8.8 Cross Site Scripting
nu11secur1ty
2023-09-21
Low
Pegasus X DLL hijacking CVE-2023-41064
E1.CODERS
2023-09-20
Med.
Academy LMS 6.2 SQL Injection CVE-2023-4974
CraCkEr
Low
SFTP/FTP Password Exposure via sftp-config.json Multiple CVE
Mr.Fn4ticHz
High
Atos Unify OpenScape Code Execution / Missing Authentication Multiple CVE
Armin Weihbold
High
Lexmark Device Embedded Web Server Remote Code Execution Multiple CVE
jheysel-r7
Med.
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Multiple CVE
Marco Wotschka
Med.
Taskhub 2.8.7 SQL Injection CVE-2023-4987
CraCkEr
Med.
Windows Common Log File System Driver (clfs.sys) Privilege Escalation CVE-2023-28252
Ricardo Narvaja
High
Super Store Finder 3.7 Remote Command Execution
Etharus

The latest CVEs

2023-09-25
CVE-2023-5145
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be laun...
CVE-2023-5146
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be ...
CVE-2023-41874
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
CVE-2023-41948
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.
CVE-2023-41949
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.
CVE-2023-5147
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotel...
CVE-2023-5148
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated ...
CVE-2023-5149
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely...
CVE-2023-41872
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
CVE-2023-5150
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely....

Dorks

2023-09-20
Low
SFTP/FTP Password Exposure via sftp-config.json( Multiple CVE )
inurl:/.vscode/sftp-config.json
 Mr.Fn4ticHz
High
Super Store Finder 3.7 Remote Command Execution
"designed and built by Joe Iz."
 Etharus
2023-09-18
Med.
Conception & Réalisation MGSD - Blind Sql Injection Vulnerability
"Conception & Réalisation MGSD"
 behrouz mansoori
Med.
SNDK Technologies - Blind Sql Injection
"Designed by SNDK Technologies Pvt. Ltd."
 behrouz mansoori
Med.
CMS united - Blind Sql Injection
"Powered by CMS united"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top