CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-24
Med.	Debezium UI 2.5 Credential Disclosure CVE-2024-28736 Ihsan Cetin
Low	Jcow Social Network Cross Site Scripting tmrswrr
High	4BRO Insecure Direct Object Reference / API Information Exposure Max Rull
2024-05-22
Med.	WordPress XStore Theme 9.3.8 SQL Injection CVE-2024-33559 Abdualhadi Khalifa
High	CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution CVE-2024-30850 h00die
Med.	Webmirchi - Sql Injection behrouz mansoori
Low	Rocket LMS 1.9 Cross Site Scripting CVE-2024-34241 Sergio Medeiros
Med.	Axiomatic - Blind Sql Injection behrouz mansoori
Med.	TENANT-LIMITED-1.0 SQLi nu11secur1ty
Med.	MVOGMS-by-oretnom23-v1.0 Multiple SQLi nu11secur1ty
Low	Nethserver 7 / 8 Cross Site Scripting CVE-2024-34058 Andrea Intilangelo
High	AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution Valentin Lobstein
Med.	Chat Bot 1.0 SQL Injection nu11secur1ty

Dorks

2024-05-28
CVE-2024-36426	In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
CVE-2024-36428	OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.
2024-05-27
CVE-2024-29415	The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
CVE-2024-34923	In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS).
CVE-2024-27310	Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query.
CVE-2024-35238	Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response e...
CVE-2024-36036	Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
CVE-2024-36037	Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CVE-2024-36105	dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network interfaces, increasing the risk of unauthorized access. As stated in th...
CVE-2024-35181	Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may b...

2024-05-22
Med.	Webmirchi - Sql Injection "Powered by Webmirchi"	behrouz mansoori
Med.	Axiomatic - Blind Sql Injection "Design by Axiomatic.it"	behrouz mansoori
2024-05-20
Med.	Oracuz - Sql Injection "Design by Oracuz"	behrouz mansoori
Med.	82webmaster - Sql Injection "Design & Developed By: 82webmaster"	behrouz mansoori
Med.	VSP Softtech - Sql Injection "Developed By VSP Softtech"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-24

Med.

Low

High

2024-05-22

Med.

High

Med.

Low

Med.

Med.

Med.

Low

High

Med.

The latest CVEs

2024-05-28

2024-05-27

Dorks

2024-05-22

Med.

Med.

2024-05-20

Med.

Med.

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations