Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-29
High
Eclipse ThreadX Buffer Overflows Multiple CVE
Marco Ivaldi
Med.
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation Multiple CVE
Thorger Jansen
Med.
Siemens CP-XXXX Series Exposed Serial Shell
Gerhard Hechenberger
2024-05-28
Med.
VSP Softtech - Sql Injection
behrouz mansoori
Med.
Joomla 4.2.8 Information Disclosure CVE-2023-23752
d4t4s3c
High
NorthStar C2 Cross Site Scripting / Code Execution CVE-2024-28741
h00die
Med.
FleetCart 4.1.1 Information Disclosure CVE-2024-5230
CraCkEr
Med.
Designed By San Software - Sql Injection
behrouz mansoori
Med.
OEWS - PHP (by: oretnom23 ) v1.0 Multiple SQLi
nu11secur1ty
Med.
Designed By San Software - Blind Sql Injection
behrouz mansoori
High
ElkArte Forum 1.1.9 Remote Code Execution
tmrswrr
2024-05-24
Med.
Debezium UI 2.5 Credential Disclosure CVE-2024-28736
Ihsan Cetin
Low
Jcow Social Network Cross Site Scripting
tmrswrr

The latest CVEs

Dorks

2024-05-29
CVE-2023-6743
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
CVE-2024-21512
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
CVE-2024-4611
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if ...
CVE-2024-3050
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking
CVE-2024-3921
The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3937
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-4419
The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that w...
CVE-2024-36014
In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_rese...
CVE-2024-36015
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a war...
CVE-2024-5086
The Essential Addons for Elementor PRO ?? Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input sanitization and output escaping on user supplied ...
2024-05-28
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Med.
Designed By San Software - Sql Injection
"Designed By San Software"
 behrouz mansoori
Med.
Designed By San Software - Blind Sql Injection
"Designed By San Software"
 behrouz mansoori
2024-05-22
Med.
Webmirchi - Sql Injection
"Powered by Webmirchi"
 behrouz mansoori
Med.
Axiomatic - Blind Sql Injection
"Design by Axiomatic.it"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top