CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-20
Med.	Apache OFBiz 18.12.12 Directory Traversal Abdualhadi Khalifa
Med.	Tenant Limited 1.0 SQL Injection nu11secur1ty
Med.	Oracuz - Sql Injection behrouz mansoori
Med.	82webmaster - Sql Injection behrouz mansoori
Med.	VSP Softtech - Sql Injection behrouz mansoori
Med.	Website by MSBu.de - Blind Sql Injection behrouz mansoori
Med.	Backdrop CMS 1.27.1 Remote Command Execution Ahmet Umit Bayram
High	PopojiCMS 2.0.1 Remote Command Execution Ahmet Umit Bayram
2024-05-19
Low	Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting malvuln
Low	Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting malvuln
Med.	Intent Tech Solutions - Sql Injection behrouz mansoori
Med.	Intent Tech Solutions - Blind Sql Injection behrouz mansoori
2024-05-18
Low	TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution malvuln

Dorks

2024-05-21
CVE-2024-31756	An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.
CVE-2024-34274	OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-35220	@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the `expires` field is overriden if the `maxAge` field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. This vulnerability has been patched 10.8.0.
CVE-2024-5040	There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
CVE-2024-22273	The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
CVE-2024-22274	The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVE-2024-22275	The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVE-2024-31757	An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.
CVE-2024-34240	QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.
CVE-2024-35056	NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.

2024-05-20
Med.	Oracuz - Sql Injection "Design by Oracuz"	behrouz mansoori
Med.	82webmaster - Sql Injection "Design & Developed By: 82webmaster"	behrouz mansoori
Med.	VSP Softtech - Sql Injection "Developed By VSP Softtech"	behrouz mansoori
Med.	Website by MSBu.de - Blind Sql Injection "Website by MSBu.de"	behrouz mansoori
2024-05-19
Med.	Intent Tech Solutions - Sql Injection "Designed by Intent Tech Solutions"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-20

Med.

Med.

Med.

Med.

Med.

Med.

Med.

High

2024-05-19

Low

Low

Med.

Med.

2024-05-18

Low

The latest CVEs

2024-05-21

Dorks

2024-05-20

Med.

Med.

Med.

Med.

2024-05-19

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations