CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-20
Med.	Apache OFBiz 18.12.12 Directory Traversal Abdualhadi Khalifa
Med.	Tenant Limited 1.0 SQL Injection nu11secur1ty
Med.	Oracuz - Sql Injection behrouz mansoori
Med.	82webmaster - Sql Injection behrouz mansoori
Med.	VSP Softtech - Sql Injection behrouz mansoori
Med.	Website by MSBu.de - Blind Sql Injection behrouz mansoori
Med.	Backdrop CMS 1.27.1 Remote Command Execution Ahmet Umit Bayram
High	PopojiCMS 2.0.1 Remote Command Execution Ahmet Umit Bayram
2024-05-19
Low	Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting malvuln
Low	Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting malvuln
Med.	Intent Tech Solutions - Sql Injection behrouz mansoori
Med.	Intent Tech Solutions - Blind Sql Injection behrouz mansoori
2024-05-18
Low	TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution malvuln

Dorks

2024-05-21
CVE-2024-4943	The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ??has_field_link_rel?? parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in...
CVE-2024-34710	Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection paylo...
CVE-2024-4985	An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this...
CVE-2024-5145	A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been d...
2024-05-20
CVE-2024-33900	KeePassXC 2.7.7 allows attackers to recover cleartext credentials.
CVE-2024-33901	Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.
CVE-2024-35191	Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1....
CVE-2024-35192	Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). The...
CVE-2024-35194	Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisori...
CVE-2024-35195	Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycl...

2024-05-20
Med.	Oracuz - Sql Injection "Design by Oracuz"	behrouz mansoori
Med.	82webmaster - Sql Injection "Design & Developed By: 82webmaster"	behrouz mansoori
Med.	VSP Softtech - Sql Injection "Developed By VSP Softtech"	behrouz mansoori
Med.	Website by MSBu.de - Blind Sql Injection "Website by MSBu.de"	behrouz mansoori
2024-05-19
Med.	Intent Tech Solutions - Sql Injection "Designed by Intent Tech Solutions"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-20

Med.

Med.

Med.

Med.

Med.

Med.

Med.

High

2024-05-19

Low

Low

Med.

Med.

2024-05-18

Low

The latest CVEs

2024-05-21

2024-05-20

Dorks

2024-05-20

Med.

Med.

Med.

Med.

2024-05-19

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations