Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-05-01
High
Kemp LoadMaster Unauthenticated Command Injection
Dave Yesland
Low
Doctor Appointment Management System 1.0 Cross Site Scripting CVE-2024-4293
SoSPiro
Low
osCommerce 4 - Reflected XSS CVE-2024-4348
CraCkEr
Med.
Travel-Manager-OTMSP-1.0 Multiple SQLi
nu11secur1ty
2024-04-27
High
Positron Broadcast Signal Processor TRA7005 v1.20 Authentication Bypass
LiquidWorm
High
GitLens Git Local Configuration Execution
h00die
Med.
fvgfl - SQL Injection vulnerability
Mahdi Karimi
2024-04-25
Med.
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution CVE-2023-48788
Spencer McIntyre
High
Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE Multiple CVE
kai6u
High
Palo Alto PAN-OS Command Execution / Arbitrary File Creation CVE-2024-3400
Kr0ff
Med.
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution CVE-2024-3400
sfewer-r7
High
Hikvision Camera - Remote command execution
parsa rezaie khiabanloo
Med.
Apache Solr Backup/Restore API Remote Code Execution CVE-2023-50386
jheysel-r7

The latest CVEs

2024-05-01
CVE-2023-40533
An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contain sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-49606
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulne...
CVE-2024-28893
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).
CVE-2024-33820
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.
CVE-2023-7241
Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.
CVE-2024-20357
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected de...
CVE-2024-20376
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted requ...
CVE-2024-20378
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could e...

Dorks

2024-04-27
Med.
fvgfl - SQL Injection vulnerability
"Web Design fvgfl"
 Mahdi Karimi
2024-04-25
High
Hikvision Camera - Remote command execution
In Shodan search engine, the filter is "Web Version="3.1.3.150324" http.favicon.hash:999357577"
 parsa rezaie khiabanloo
2024-04-21
Med.
North Wales - Sql Injection
"Web Design North Wales"
 behrouz mansoori
Med.
Solar-Log Base 2000- Broken Access Control
In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""
 parsa rezaie khiabanloo
2024-04-14
Med.
Bigem Teknoloji - Sql Injection
"Designed by Bigem Teknoloji"
 behrouz mansoori
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2024, cxsecurity.com

 

Back to Top