CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2023-06-07
Low	Prestashop 8.0.4 CSV injection Mirabbas Ağalarov
Med.	Expert Job Portal Management System 1.0 SQL Injection CraCkEr
Med.	CloudPanel 2.2.2 Privilege Escalation / Path Traversal CVE-2023-33747 EagleEye
Med.	WordPress Updraft 0.6.1 Backup Disclosure indoushka
2023-06-06
Low	ManageEngine ADManager Plus Command Injection CVE-2023-29084 Grant Willcox
High	unilogies/bumsys v1.0.3 beta Unrestricted File Upload CVE-2023-0455 AFFAN AHMED
Low	WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF Multiple CVE Ramuel Gall
Low	Expert Job Portal Management System 1.0 Cross Site Scripting CraCkEr
2023-06-02
Med.	Trend Micro OfficeScan Client 10.0 ACL Service LPE msd0pe
High	Acelle Email Marketing 3.0.15 Arbitrary File Upload indoushka
Low	Inlislite 3.1 Insecure Settings indoushka
2023-05-30
Med.	PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass Nadeem Salim
High	Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow Multiple CVE CyberIntel Team

The latest CVEs

2023-06-08
CVE-2023-34238	Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentiall...
CVE-2023-34239	Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are...
CVE-2023-33846	IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...
CVE-2023-33847	IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the i...
CVE-2023-23480	IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.
CVE-2023-23481	IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.
CVE-2023-23482	IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force...
CVE-2023-2986	The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart...
CVE-2023-34969	D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstanc...
CVE-2023-24476	An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

Dorks

2023-05-28
Med.	JetSınav SQL Injection + Default Password Vulnerability allintext:"Powered by Jetsınav"	BQX
Low	SCM Manager 1.60 Cross Site Scripting( CVE-2023-33829 ) intitle:"SCM Manager" intext:1.60	neg0x
2023-05-21
Low	Siemens SIMATIC S7-1200 Cross Site Request Forgery( CVE-2015-5698 ) inurl:/Portal/Portal.mwsl	RoseSecurity
2023-04-25
Med.	Sophos Web Appliance 4.3.10.4 Pre-auth command injection( CVE-2023-1671 ) title:"Sophos Web Appliance"	Behnam Abasi Vanda
2023-04-23
Med.	Bluesoft Infotech - Sql Injection Vulnerability "Designed by Bluesoft Infotech"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2023-06-07

Low

Med.

Med.

Med.

2023-06-06

Low

High

Low

Low

2023-06-02

Med.

High

Low

2023-05-30

Med.

High

The latest CVEs

2023-06-08

Dorks

2023-05-28

Med.

Low

2023-05-21

Low

2023-04-25

Med.

2023-04-23

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations