CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-06-11
High	VSCode ipynb Remote Code Execution CVE-2022-41034 h00die
2024-06-10
Med.	Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR Multiple CVE C. Schwarz
Med.	SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure Multiple CVE T. Weber
Med.	FengOffice 3.11.1.2 SQL Injection Andrey Stoykov
2024-06-09
High	changedetection 0.45.20 Remote Code Execution CVE-2024-32651 Zach Crosman
2024-06-08
Med.	Neetai Tech - Blind Sql Injection behrouz mansoori
2024-06-07
Med.	Aquatronica Control System 5.1.6 Password Disclosure LiquidWorm
Med.	Check Point Security Gateway Information Disclosure CVE-2024-24919 Yesith Alvarez
Med.	Online Fire Reporting System OFRS SQL Injection Authentication Bypass Diyar Saadi
High	CMSimple 5.15 Remote Shell Upload Ahmet Umit Bayram
High	appRain CMF 4.0.5 Shell Upload Ahmet Umit Bayram
Med.	Boelter Blue System Management 1.3 SQL Injection CVE-2024-36840 CBKB
Med.	Trojan.Win32.DarkGateLoader (multi variants) / Arbitrary Code Execution malvuln

Dorks

2024-06-13
CVE-2024-1495	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.
CVE-2024-1736	An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.
CVE-2024-1963	An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests...
CVE-2024-4201	A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
2024-06-12
CVE-2023-49559	An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
CVE-2024-36523	An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.
CVE-2024-37665	An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.
CVE-2024-3467	There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
CVE-2024-3468	There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.
CVE-2024-0865	CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.

2024-06-08
Med.	Neetai Tech - Blind Sql Injection "Reserved By Neetai Tech"	behrouz mansoori
2024-06-07
Med.	Boelter Blue System Management 1.3 SQL Injection( CVE-2024-36840 ) inurl:"Powered by Boelter Blue"	CBKB
2024-05-28
Med.	VSP Softtech - Sql Injection "Developed By VSP Softtech"	behrouz mansoori
Med.	Designed By San Software - Sql Injection "Designed By San Software"	behrouz mansoori
Med.	Designed By San Software - Blind Sql Injection "Designed By San Software"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-06-11

High

2024-06-10

Med.

Med.

Med.

2024-06-09

High

2024-06-08

Med.

2024-06-07

Med.

Med.

Med.

High

High

Med.

Med.

The latest CVEs

2024-06-13

2024-06-12

Dorks

2024-06-08

Med.

2024-06-07

Med.

2024-05-28

Med.

Med.

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations