CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-04-16
High	BMC Compuware iStrobe Web 20.13 Pre-auth RCE CVE-2023-40304 trancap
Med.	Centreon 23.10-1.el8 SQL Injection Cody Sixteen
High	CrushFTP Remote Code Execution CVE-2023-43177 Christophe de la Fuente
High	kruxton-1.0-FileUpload-RCE nu11secur1ty
High	Backdoor.Win32.Dumador.c / Remote Stack Buffer Overflow (SEH) malvuln
2024-04-15
Med.	Amazon AWS Glue Database Password Disclosure Michael Werner
High	OpenClinic GA 5.247.01 Path Traversal (Authenticated) CVE-2023-40279 V. B.
High	PrusaSlicer 2.6.1 Arbitrary Code Execution CVE-2023-47268 Kamil Brenski
Med.	AMPLE BILLS 0.1 SQL injection nu11secur1ty
Med.	kruxton-1.0-Multiple-SQLi nu11secur1ty
High	Django REST Framework SimpleJWT 5.3.1 Information Disclosure CVE-2024-22513 Dhrumil Mistry
Med.	Jenkins 2.441 Local File Inclusion CVE-2024-23897 Matisse Beckandt
Med.	Moodle 3.10.1 SQL Injection CVE-2021-36393 Julio Ángel Ferrari

The latest CVEs

2024-04-19
CVE-2024-32683	Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.
CVE-2024-31744	In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
CVE-2024-31745	Libdwarf v0.9.1 was discovered to contain a heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c.
CVE-2024-3654	An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session.
CVE-2024-29962	Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.
CVE-2024-29964	Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensiti...
CVE-2024-29965	In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
CVE-2024-29966	Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
CVE-2024-29967	In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.
CVE-2024-2761	The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.

Dorks

2024-04-14
Med.	Bigem Teknoloji - Sql Injection "Designed by Bigem Teknoloji"	behrouz mansoori
2024-04-06
Med.	SolarView Compact 6.00 - Command Injection http.html:"solarview compact"	parsa rezaie khiabanloo
2024-03-30
High	SolarView Compact 6.00 - Command Injection Bypass authentication( CVE-2023-23333 ) http.html:"solarview compact"	parsa rezaie khiabanloo
2024-03-24
Med.	Chenarkhayyam - Sql Injection And Waf , Cdn Bypass "طراحی شده توسط سایت چنار خیام"	parsa rezaie khiabanloo
2024-03-20
High	SolarView Compact 6.00 Command Injection( CVE-2023-23333 ) http.html:"solarview compact"	ByteHunter

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-04-16

High

Med.

High

High

High

2024-04-15

Med.

High

High

Med.

Med.

High

Med.

Med.

The latest CVEs

2024-04-19

Dorks

2024-04-14

Med.

2024-04-06

Med.

2024-03-30

High

2024-03-24

Med.

2024-03-20

High

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations