Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-05
High
htmlLawed 1.2.5 Remote Command Execution CVE-2022-35914
d4t4s3c
Med.
Oracuz - Blind Sql Injection
behrouz mansoori
Med.
Kobiz Design - Blind Sql Injection
behrouz mansoori
2024-05-04
Med.
Sandhya Branding Agency - Blind Sql Injection
behrouz mansoori
Med.
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Disclosure
Gjoko 'LiquidWorm' Krstic
High
Microsoft PlayReady Cryptography Weakness
Adam Gowdiak
Med.
Webenlive - Sql Injection
behrouz mansoori
Low
SOPlanning 1.52.00 Cross Site Scripting
liquidsky
Med.
SOPlanning 1.52.00 SQL Injection
liquidsky
Low
SOPlanning 1.52.00 Cross Site Request Forgery
liquidsky
Med.
BitraTech - Sql Injection
behrouz mansoori
Med.
Bigem Teknoloji - Blind Sql Injection
behrouz mansoori
2024-05-01
High
Kemp LoadMaster Unauthenticated Command Injection
Dave Yesland

The latest CVEs

Dorks

2024-05-05
CVE-2024-4500
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2024-34500
An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.
CVE-2024-34502
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.
CVE-2024-34506
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.
CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
CVE-2024-34474
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.
CVE-2024-4494
A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...
CVE-2024-4495
A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerab...
CVE-2024-4496
A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-2...
CVE-2024-4497
A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263086 is the identif...
2024-05-05
Med.
Oracuz - Blind Sql Injection
"Design by Oracuz"
 behrouz mansoori
Med.
Kobiz Design - Blind Sql Injection
"Desing by Kobiz Design Co"
 behrouz mansoori
2024-05-04
Med.
Sandhya Branding Agency - Blind Sql Injection
"Powered by : Sandhya Branding Agency"
 behrouz mansoori
Med.
Webenlive - Sql Injection
"Design: Webenlive"
 behrouz mansoori
Med.
BitraTech - Sql Injection
"Powered By BitraTech"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top