Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-01
High
Kemp LoadMaster Unauthenticated Command Injection
Dave Yesland
Low
Doctor Appointment Management System 1.0 Cross Site Scripting CVE-2024-4293
SoSPiro
Low
osCommerce 4 - Reflected XSS CVE-2024-4348
CraCkEr
Med.
Travel-Manager-OTMSP-1.0 Multiple SQLi
nu11secur1ty
2024-04-27
High
Positron Broadcast Signal Processor TRA7005 v1.20 Authentication Bypass
LiquidWorm
High
GitLens Git Local Configuration Execution
h00die
Med.
fvgfl - SQL Injection vulnerability
Mahdi Karimi
2024-04-25
Med.
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution CVE-2023-48788
Spencer McIntyre
High
Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE Multiple CVE
kai6u
High
Palo Alto PAN-OS Command Execution / Arbitrary File Creation CVE-2024-3400
Kr0ff
Med.
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution CVE-2024-3400
sfewer-r7
High
Hikvision Camera - Remote command execution
parsa rezaie khiabanloo
Med.
Apache Solr Backup/Restore API Remote Code Execution CVE-2023-50386
jheysel-r7

The latest CVEs

2024-05-02
CVE-2024-32638
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.
CVE-2024-3955
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: ...
CVE-2024-33911
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.
CVE-2024-33913
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1.
CVE-2024-33922
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.
CVE-2024-33930
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97.
CVE-2024-3005
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ...
CVE-2024-2405
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.
CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack
CVE-2024-3472
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

Dorks

2024-04-27
Med.
fvgfl - SQL Injection vulnerability
"Web Design fvgfl"
 Mahdi Karimi
2024-04-25
High
Hikvision Camera - Remote command execution
In Shodan search engine, the filter is "Web Version="3.1.3.150324" http.favicon.hash:999357577"
 parsa rezaie khiabanloo
2024-04-21
Med.
North Wales - Sql Injection
"Web Design North Wales"
 behrouz mansoori
Med.
Solar-Log Base 2000- Broken Access Control
In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""
 parsa rezaie khiabanloo
2024-04-14
Med.
Bigem Teknoloji - Sql Injection
"Designed by Bigem Teknoloji"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top