The latest CVEs

2021-07-29
CVE-2020-36239
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service which attacke...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. T...
2021-07-28
CVE-2021-23415
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2020-4974
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
CVE-2021-32000
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1...
CVE-2021-32001
A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to ...
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code.

Dorks

2021-07-28
Med.
TripSpark VEO Transportation SQL Injection
inhtml:"Student Busing Information"
Sedric Louissaint
2021-07-27
Med.
Better Proposals: Online Proposal Software | SQL Injection
.php?id= betterproposals.io
0x01369
2021-07-26
Med.
Schoolsindia SQL Injection
intext:"Powered by Schoolsindia"
h4shur
2021-07-24
Med.
hamayeshnegar CMS 10.0.5 - Authentication Bypass
intext:"طراحی و پیاده سازی شده توسط : همایش نگار (ویرایش 10.0.5)"
Aryan Chehreghani
2021-07-23
Med.
Design & Developed By Sial Web - Html Injection
intext:"Design & Developed By Sial Web"
YangMangChun

Copyright 2021, cxsecurity.com