Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-14
Low
Chyrp 2.5.2 Cross Site Scripting
Ahmet Umit Bayram
Med.
82webmaster - Blind Sql Injection
behrouz mansoori
Med.
Webmirchi - Blind Sql Injection
behrouz mansoori
High
Backdoor.Win32.AsyncRat / Arbitrary Code Execution
malvuln
High
TrojanSpy.Win64.EMOTET.A / Arbitrary Code Execution
malvuln
Low
Apache mod_proxy_cluster Cross Site Scripting CVE-2023-6710
Mohamed Mounir Boudjema
Low
Leafpub 1.1.9 Cross Site Scripting
Ahmet Umit Bayram
2024-05-13
Med.
Kemp LoadMaster Local sudo Privilege Escalation
bwatters-r7
Med.
Panel.SmokeLoader / Cross Site Request Forgery (CSRF) - Persistent XSS
malvuln
Low
Esteghlal F.C. Cross Site Scripting
E1.Coders
Med.
Prison Management System SQL Injection Authentication Bypass CVE-2024-33288
Sanjay Singh
2024-05-12
High
Microsoft PlayReady Complete Client Identity Compromise
Adam Gowdiak
Med.
Castel Digital Authentication Bypass
CCA469

The latest CVEs

Dorks

2024-05-15
CVE-2023-5935
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is act...
CVE-2023-5936
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
CVE-2023-5937
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to us...
CVE-2024-35179
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only gra...
CVE-2024-3317
An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the ??file?? attribute, which in turn allowed the user to access files uploaded for other sources.
CVE-2024-3319
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.
CVE-2024-4903
A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of...
CVE-2023-5938
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locati...
2024-05-14
Med.
82webmaster - Blind Sql Injection
"Design & Developed By: 82webmaster"
 behrouz mansoori
Med.
Webmirchi - Blind Sql Injection
"Powered by Webmirchi"
 behrouz mansoori
2024-05-12
Med.
Castel Digital Authentication Bypass
"Castel Digital"
 CCA469
2024-05-06
Med.
Kobiz Design - Sql Injection
"Desing by Kobiz Design Co"
 behrouz mansoori
2024-05-05
Med.
Oracuz - Blind Sql Injection
"Design by Oracuz"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top