Welcome to cxsecurity. Enjoy.

The latest CVEs

2024-04-26
CVE-2022-48611
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2023-26603
JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.
CVE-2024-25343
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.
CVE-2024-28326
Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the UART interface.
CVE-2024-4238
A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and...
CVE-2024-31502
An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.
CVE-2024-31601
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.
CVE-2024-32878
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this uninitialized value and cause arbitrary address free ...
CVE-2024-32881
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in ve...
CVE-2024-32883
MCUboot is a secure bootloader for 32-bit microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. Howeve...

Dorks

2024-04-25
High
Hikvision Camera - Remote command execution
In Shodan search engine, the filter is "Web Version="3.1.3.150324" http.favicon.hash:999357577"
parsa rezaie khiabanloo
2024-04-21
Med.
North Wales - Sql Injection
"Web Design North Wales"
behrouz mansoori
Med.
Solar-Log Base 2000 - Broken Access Control
In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""
parsa rezaie khiabanloo
2024-04-14
Med.
Bigem Teknoloji - Sql Injection
"Designed by Bigem Teknoloji"
behrouz mansoori
2024-04-06
Med.
SolarView Compact 6.00 - Command Injection
http.html:"solarview compact"
parsa rezaie khiabanloo

Copyright 2024, cxsecurity.com

 
