Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-24
Med.
Low
High
2024-05-22
Med.
High
Med.
Low
Med.
Med.
Med.
Low
High
Med.

The latest CVEs

Dorks

2024-05-25
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in page...
CVE-2024-4858
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feat...
CVE-2024-5229
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level ac...
CVE-2024-5218
The Reviews and Rating ?? Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject a...
CVE-2024-36079
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.
2024-05-24
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2024-05-22
Med.
Webmirchi - Sql Injection
"Powered by Webmirchi"
behrouz mansoori
Med.
Axiomatic - Blind Sql Injection
"Design by Axiomatic.it"
behrouz mansoori
2024-05-20
Med.
Oracuz - Sql Injection
"Design by Oracuz"
behrouz mansoori
Med.
82webmaster - Sql Injection
"Design & Developed By: 82webmaster"
behrouz mansoori
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
behrouz mansoori

Copyright 2024, cxsecurity.com

 

Back to Top