Welcome to cxsecurity. enjoy

The latest CVEs

2024-10-03
CVE-2024-45519
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete vali...
2024-10-02
CVE-2024-43795
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
CVE-2024-45960
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
CVE-2024-45962
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
CVE-2024-45964
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
CVE-2024-45965
Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target.
CVE-2024-46977
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (de...
CVE-2024-47529
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5....
CVE-2024-8733
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

Dorks

2024-09-30
Med.
krishna Tech - Sql Injection
"Website Developed By krishna Tech"
behrouz mansoori
2024-09-29
Med.
Era infotech - Sql Injection
"Design & Developed By: Era infotech"
behrouz mansoori
Med.
Era infotech - Blind Sql Injection Vulnerability
"Design & Developed By: Era infotech"
behrouz mansoori
2024-08-08
Low
WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated) (CVE-2022-2941)
inurl:/wp-content/plugins/wp-useronline/
Onur Göğebakan
2024-07-24
Med.
SRDB WordPress Replace Title (Multiple CVE)
Search-Replace-DB-master
Demon King

Copyright 2024, cxsecurity.com

 
