Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-20
Med.
Apache OFBiz 18.12.12 Directory Traversal
Abdualhadi Khalifa
Med.
Tenant Limited 1.0 SQL Injection
nu11secur1ty
Med.
Oracuz - Sql Injection
behrouz mansoori
Med.
82webmaster - Sql Injection
behrouz mansoori
Med.
VSP Softtech - Sql Injection
behrouz mansoori
Med.
Website by MSBu.de - Blind Sql Injection
behrouz mansoori
Med.
Backdrop CMS 1.27.1 Remote Command Execution
Ahmet Umit Bayram
High
PopojiCMS 2.0.1 Remote Command Execution
Ahmet Umit Bayram
2024-05-19
Low
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
malvuln
Low
Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting
malvuln
Med.
Intent Tech Solutions - Sql Injection
behrouz mansoori
Med.
Intent Tech Solutions - Blind Sql Injection
behrouz mansoori
2024-05-18
Low
TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution
malvuln

The latest CVEs

Dorks

2024-05-21
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
CVE-2024-0816
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
CVE-2024-3155
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel ?? Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
CVE-2024-4943
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ??has_field_link_rel?? parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in...
CVE-2024-34710
Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection paylo...
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this...
CVE-2024-5145
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been d...
2024-05-20
CVE-2024-33900
KeePassXC 2.7.7 allows attackers to recover cleartext credentials.
CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.
CVE-2024-35191
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1....
2024-05-20
Med.
Oracuz - Sql Injection
"Design by Oracuz"
 behrouz mansoori
Med.
82webmaster - Sql Injection
"Design & Developed By: 82webmaster"
 behrouz mansoori
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Med.
Website by MSBu.de - Blind Sql Injection
"Website by MSBu.de"
 behrouz mansoori
2024-05-19
Med.
Intent Tech Solutions - Sql Injection
"Designed by Intent Tech Solutions"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top