Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-20
Med.
Apache OFBiz 18.12.12 Directory Traversal
Abdualhadi Khalifa
Med.
Tenant Limited 1.0 SQL Injection
nu11secur1ty
Med.
Oracuz - Sql Injection
behrouz mansoori
Med.
82webmaster - Sql Injection
behrouz mansoori
Med.
VSP Softtech - Sql Injection
behrouz mansoori
Med.
Website by MSBu.de - Blind Sql Injection
behrouz mansoori
Med.
Backdrop CMS 1.27.1 Remote Command Execution
Ahmet Umit Bayram
High
PopojiCMS 2.0.1 Remote Command Execution
Ahmet Umit Bayram
2024-05-19
Low
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
malvuln
Low
Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting
malvuln
Med.
Intent Tech Solutions - Sql Injection
behrouz mansoori
Med.
Intent Tech Solutions - Blind Sql Injection
behrouz mansoori
2024-05-18
Low
TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution
malvuln

The latest CVEs

Dorks

2024-05-21
CVE-2023-3938
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects  ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with t...
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFac...
CVE-2024-4435
When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak. In the worst case, depending on...
CVE-2024-4553
The WP Shortcodes Plugin ?? Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authe...
CVE-2024-4695
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
CVE-2024-4700
The WP Table Builder ?? WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute...
CVE-2024-4988
The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.
CVE-2023-3940
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2023-3941
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2024-4361
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ...
2024-05-20
Med.
Oracuz - Sql Injection
"Design by Oracuz"
 behrouz mansoori
Med.
82webmaster - Sql Injection
"Design & Developed By: 82webmaster"
 behrouz mansoori
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Med.
Website by MSBu.de - Blind Sql Injection
"Website by MSBu.de"
 behrouz mansoori
2024-05-19
Med.
Intent Tech Solutions - Sql Injection
"Designed by Intent Tech Solutions"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top