Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-16
Med.
CrushFTP Directory Traversal
Abdualhadi Khalifa
High
Plantronics Hub 3.25.1 Arbitrary File Read CVE-2024-27460
Alaa Kachouh
Med.
SAP Cloud Connector 2.16.1 Missing Validation CVE-2024-25642
Mingshuo Li
Med.
Zope 5.9 Command Injection
Ilyase Dehy
Med.
VSP Softtech - Blind Sql Injection
behrouz mansoori
2024-05-14
Low
Chyrp 2.5.2 Cross Site Scripting
Ahmet Umit Bayram
Med.
82webmaster - Blind Sql Injection
behrouz mansoori
Med.
Webmirchi - Blind Sql Injection
behrouz mansoori
High
Backdoor.Win32.AsyncRat / Arbitrary Code Execution
malvuln
High
TrojanSpy.Win64.EMOTET.A / Arbitrary Code Execution
malvuln
Low
Apache mod_proxy_cluster Cross Site Scripting CVE-2023-6710
Mohamed Mounir Boudjema
Low
Leafpub 1.1.9 Cross Site Scripting
Ahmet Umit Bayram
2024-05-13
Med.
Kemp LoadMaster Local sudo Privilege Escalation
bwatters-r7

The latest CVEs

Dorks

2024-05-17
CVE-2024-22429
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-31974
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in...
CVE-2024-34058
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message).
CVE-2024-34241
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
CVE-2024-5072
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
CVE-2023-5597
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code.
CVE-2024-35190
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
CVE-2024-3289
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
CVE-2024-3290
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
CVE-2024-3291
When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
2024-05-16
Med.
VSP Softtech - Blind Sql Injection
"Developed by VSP Softtech"
 behrouz mansoori
2024-05-14
Med.
82webmaster - Blind Sql Injection
"Design & Developed By: 82webmaster"
 behrouz mansoori
Med.
Webmirchi - Blind Sql Injection
"Powered by Webmirchi"
 behrouz mansoori
2024-05-12
Med.
Castel Digital Authentication Bypass
"Castel Digital"
 CCA469
2024-05-06
Med.
Kobiz Design - Sql Injection
"Desing by Kobiz Design Co"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top