Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-06-04
Low
Sitefinity 15.0 Cross Site Scripting CVE-2023-27636
Aldi Saputra Wahyudi
High
FreePBX 16 Remote Code Execution
Cold z3ro
High
WBCE CMS 1.6.2 Remote Code Execution
Ahmet Umit Bayram
High
Dotclear 2.29 Remote Code Execution
Ahmet Umit Bayram
High
Serendipity 2.5.0 Remote Code Execution
Ahmet Umit Bayram
2024-06-02
Med.
Online Payment Hub System - SQLi Authentication Bypass
Hamit AVSAR
Low
iMLog Cross Site Scripting
Gabriel Felipe
Med.
Craft CMS Logs Plugin 3.0.3 Path Traversal (Authenticated) CVE-2022-23409
Steffen Rogge
Med.
Progress Flowmon 12.3.5 Local sudo Privilege Escalation CVE-2024-2389
Dave Yesland
Med.
Akaunting 3.1.8 Client-Side Template Injection
tmrswrr
High
Akaunting 3.1.8 Server-Side Template Injection
tmrswrr
Low
ORing IAP-420 2.01e Cross Site Scripting / Command Injection Multiple CVE
T. Weber
Med.
BWL Advanced FAQ Manager 2.0.3 SQL Injection CVE-2024-32136
Ivan Spiridonov

The latest CVEs

Dorks

2024-06-06
CVE-2024-1879
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a mali...
CVE-2024-2914
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data thef...
CVE-2024-30368
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack ...
CVE-2024-30369
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific f...
CVE-2024-30374
Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. ...
CVE-2024-30375
Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s...
CVE-2024-36736
An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.
CVE-2024-36737
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.
CVE-2024-36743
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.
CVE-2024-36745
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.
2024-05-28
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
 behrouz mansoori
Med.
Designed By San Software - Sql Injection
"Designed By San Software"
 behrouz mansoori
Med.
Designed By San Software - Blind Sql Injection
"Designed By San Software"
 behrouz mansoori
2024-05-22
Med.
Webmirchi - Sql Injection
"Powered by Webmirchi"
 behrouz mansoori
Med.
Axiomatic - Blind Sql Injection
"Design by Axiomatic.it"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top