CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-01
High	Kemp LoadMaster Unauthenticated Command Injection Dave Yesland
Low	Doctor Appointment Management System 1.0 Cross Site Scripting CVE-2024-4293 SoSPiro
Low	osCommerce 4 - Reflected XSS CVE-2024-4348 CraCkEr
Med.	Travel-Manager-OTMSP-1.0 Multiple SQLi nu11secur1ty
2024-04-27
High	Positron Broadcast Signal Processor TRA7005 v1.20 Authentication Bypass LiquidWorm
High	GitLens Git Local Configuration Execution h00die
Med.	fvgfl - SQL Injection vulnerability Mahdi Karimi
2024-04-25
Med.	FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution CVE-2023-48788 Spencer McIntyre
High	Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE Multiple CVE kai6u
High	Palo Alto PAN-OS Command Execution / Arbitrary File Creation CVE-2024-3400 Kr0ff
Med.	Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution CVE-2024-3400 sfewer-r7
High	Hikvision Camera - Remote command execution parsa rezaie khiabanloo
Med.	Apache Solr Backup/Restore API Remote Code Execution CVE-2023-50386 jheysel-r7

The latest CVEs

2024-05-01
CVE-2024-32973	Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls...
CVE-2024-32979	Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cro...
CVE-2024-32984	Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a n...
CVE-2024-33835	Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
CVE-2023-52647	In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access When translating source to sink streams in the crossbar subdev, the driver tries to locate the remote subdev connected to the sink pad. The remote pad may be NULL, if userspace tries to enable a stream tha...
CVE-2023-52648	In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the variable indicating whether the surface is currently m...
CVE-2024-26929	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE -------...
CVE-2024-26930	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take ...
CVE-2024-26931	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: load...
CVE-2024-26932	In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed twice, the first time is kfreed by pd_capabilities_release() and the sec...

Dorks

2024-04-27
Med.	fvgfl - SQL Injection vulnerability "Web Design fvgfl"	Mahdi Karimi
2024-04-25
High	Hikvision Camera - Remote command execution In Shodan search engine, the filter is "Web Version="3.1.3.150324" http.favicon.hash:999357577"	parsa rezaie khiabanloo
2024-04-21
Med.	North Wales - Sql Injection "Web Design North Wales"	behrouz mansoori
Med.	Solar-Log Base 2000- Broken Access Control In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""	parsa rezaie khiabanloo
2024-04-14
Med.	Bigem Teknoloji - Sql Injection "Designed by Bigem Teknoloji"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-01

High

Low

Low

Med.

2024-04-27

High

High

Med.

2024-04-25

Med.

High

High

Med.

High

Med.

The latest CVEs

2024-05-01

Dorks

2024-04-27

Med.

2024-04-25

High

2024-04-21

Med.

Med.

2024-04-14

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations