Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-06-11
High
VSCode ipynb Remote Code Execution CVE-2022-41034
h00die
2024-06-10
Med.
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR Multiple CVE
C. Schwarz
Med.
SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure Multiple CVE
T. Weber
Med.
FengOffice 3.11.1.2 SQL Injection
Andrey Stoykov
2024-06-09
High
changedetection 0.45.20 Remote Code Execution CVE-2024-32651
Zach Crosman
2024-06-08
Med.
Neetai Tech - Blind Sql Injection
behrouz mansoori
2024-06-07
Med.
Aquatronica Control System 5.1.6 Password Disclosure
LiquidWorm
Med.
Check Point Security Gateway Information Disclosure CVE-2024-24919
Yesith Alvarez
Med.
Online Fire Reporting System OFRS SQL Injection Authentication Bypass
Diyar Saadi
High
CMSimple 5.15 Remote Shell Upload
Ahmet Umit Bayram
High
appRain CMF 4.0.5 Shell Upload
Ahmet Umit Bayram
Med.
Boelter Blue System Management 1.3 SQL Injection CVE-2024-36840
CBKB
Med.
Trojan.Win32.DarkGateLoader (multi variants) / Arbitrary Code Execution
malvuln

The latest CVEs

Dorks

2024-06-12
CVE-2024-36103
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
CVE-2024-4315
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited throu...
CVE-2024-4892
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ??display_name?? parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in p...
CVE-2024-5543
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-36856
RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP packets.
CVE-2024-4564
The CoDesigner WooCommerce Builder for Elementor ?? Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escapin...
CVE-2024-5553
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary...
CVE-2024-35225
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/<host>`. When thi...
2024-06-11
CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
CVE-2024-28877
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.
2024-06-08
Med.
Neetai Tech - Blind Sql Injection
"Reserved By Neetai Tech"
 behrouz mansoori
2024-06-07
Med.
Boelter Blue System Management 1.3 SQL Injection( CVE-2024-36840 )
inurl:"Powered by Boelter Blue"
 CBKB
2024-05-28
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Med.
Designed By San Software - Sql Injection
"Designed By San Software"
 behrouz mansoori
Med.
Designed By San Software - Blind Sql Injection
"Designed By San Software"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top