Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-29
High
Med.
Med.
2024-05-28
Med.
Med.
High
Med.
Med.
Med.
Med.
High
2024-05-24
Med.
Low

The latest CVEs

Dorks

2024-06-01
CVE-2024-2933
The Page Builder Gutenberg Blocks ?? CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level ...
CVE-2024-4711
The WordPress Infinite Scroll ?? Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to in...
CVE-2024-3564
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, a...
CVE-2024-3565
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
2024-05-31
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVE-2024-33997
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
CVE-2024-33998
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
CVE-2024-33999
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVE-2024-34000
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
CVE-2024-34001
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.
2024-05-28
Med.
VSP Softtech - Sql Injection
"Developed By VSP Softtech"
behrouz mansoori
Med.
Designed By San Software - Sql Injection
"Designed By San Software"
behrouz mansoori
Med.
Designed By San Software - Blind Sql Injection
"Designed By San Software"
behrouz mansoori
2024-05-22
Med.
Webmirchi - Sql Injection
"Powered by Webmirchi"
behrouz mansoori
Med.
Axiomatic - Blind Sql Injection
"Design by Axiomatic.it"
behrouz mansoori

Copyright 2024, cxsecurity.com

 

Back to Top