Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-22
Med.
WordPress XStore Theme 9.3.8 SQL Injection CVE-2024-33559
Abdualhadi Khalifa
High
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution CVE-2024-30850
h00die
Med.
Webmirchi - Sql Injection
behrouz mansoori
Low
Rocket LMS 1.9 Cross Site Scripting CVE-2024-34241
Sergio Medeiros
Med.
Axiomatic - Blind Sql Injection
behrouz mansoori
Med.
TENANT-LIMITED-1.0 SQLi
nu11secur1ty
Med.
MVOGMS-by-oretnom23-v1.0 Multiple SQLi
nu11secur1ty
Low
Nethserver 7 / 8 Cross Site Scripting CVE-2024-34058
Andrea Intilangelo
High
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
Valentin Lobstein
Med.
Chat Bot 1.0 SQL Injection
nu11secur1ty
2024-05-20
Med.
Apache OFBiz 18.12.12 Directory Traversal
Abdualhadi Khalifa
Med.
Tenant Limited 1.0 SQL Injection
nu11secur1ty
Med.
Oracuz - Sql Injection
behrouz mansoori

The latest CVEs

Dorks

2024-05-23
CVE-2024-26139
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
CVE-2024-28188
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.
CVE-2024-34060
IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. Th...
CVE-2024-1803
The EmbedPress ?? Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it ...
CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have co...
CVE-2024-35224
OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions "Edit work packages" as well as "Add attachments&q...
CVE-2024-4471
The 140+ Widgets | Best Addons For Elementor ?? FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain ...
CVE-2024-5168
Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.
CVE-2024-2861
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-4779
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ??data[post_ids][0]?? parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it poss...
2024-05-22
Med.
Webmirchi - Sql Injection
"Powered by Webmirchi"
 behrouz mansoori
Med.
Axiomatic - Blind Sql Injection
"Design by Axiomatic.it"
 behrouz mansoori
2024-05-20
Med.
Oracuz - Sql Injection
"Design by Oracuz"
 behrouz mansoori
Med.
82webmaster - Sql Injection
"Design & Developed By: 82webmaster"
 behrouz mansoori
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top