Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-04-22
Med.
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
LiquidWorm
Med.
LRMS-PHP-by-oretnom23-v1.0 hat-trick
nu11secur1ty
2024-04-21
High
WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)
tmrswrr
Med.
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference
LiquidWorm
Med.
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
LiquidWorm
Low
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference
LiquidWorm
Med.
North Wales - Sql Injection
behrouz mansoori
Med.
Relate Learning And Teaching system Version before 2024.1 Stored XSS Multiple CVE
kai6u
Med.
Solar-Log Base 2000- Broken Access Control
parsa rezaie khiabanloo
Low
Relate Learning And Teaching system Version before 2024.1 SSTI(Page Sandbox function) lead to RCE Multiple CVE
kai6u
Med.
Flowise 1.6.5 Authentication Bypass CVE-2024-31621
Maerifat Majeed
Low
Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS)
Erdemstar
2024-04-16
High
BMC Compuware iStrobe Web 20.13 Pre-auth RCE CVE-2023-40304
trancap

The latest CVEs

2024-04-23
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulti...
CVE-2024-32482
The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey??s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications...
CVE-2024-32658
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-4062
A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this...
CVE-2024-4063
A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is to...
CVE-2024-32258
The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.
CVE-2024-21972
An out of bounds write vulnerability in the AMD Radeon?? user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.
CVE-2024-21979
An out of bounds write vulnerability in the AMD Radeon?? user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.
CVE-2024-28627
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
CVE-2024-2477
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbi...

Dorks

2024-04-21
Med.
North Wales - Sql Injection
"Web Design North Wales"
 behrouz mansoori
Med.
Solar-Log Base 2000- Broken Access Control
In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""
 parsa rezaie khiabanloo
2024-04-14
Med.
Bigem Teknoloji - Sql Injection
"Designed by Bigem Teknoloji"
 behrouz mansoori
2024-04-06
Med.
SolarView Compact 6.00 - Command Injection
http.html:"solarview compact"
 parsa rezaie khiabanloo
2024-03-30
High
SolarView Compact 6.00 - Command Injection Bypass authentication( CVE-2023-23333 )
http.html:"solarview compact"
 parsa rezaie khiabanloo
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top