Welcome to cxsecurity. enjoy

The latest CVEs

2024-02-24
CVE-2024-1810
The Archivist - Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in ...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. S...
CVE-2024-22988
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
CVE-2024-24681
Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2024-26188
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-26192
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-22395
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
2024-02-23
CVE-2024-21423
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Dorks

2024-02-20
Med.
Ticico - Blind SQL Injection
inurl:"adminco" intext:"yetkili"
Gaddar
2024-02-11
Med.
iCT Sky SQL Injection
intext:"IT Partner iCT Sky"
MrHoudini
2024-02-07
Med.
Laravel Env file Access Open Directory
intitle:"index of" env.cgi
Shayan Sadr
2024-02-03
Med.
EuroMedya - No Redirect/Admin Panel Bypass
-
root9ext
Med.
Loca Software - Sql Injection/Admin Panel Bypass
intext:"bu web sitesi LOCA YAZILIM BİLİŞİM TEK. LTD. ŞTİ."
root9ext

Copyright 2024, cxsecurity.com

 
