CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-16
Med.	SAP Cloud Connector 2.16.1 Missing Validation CVE-2024-25642 Mingshuo Li
Med.	Zope 5.9 Command Injection Ilyase Dehy
Med.	VSP Softtech - Blind Sql Injection behrouz mansoori
2024-05-14
Low	Chyrp 2.5.2 Cross Site Scripting Ahmet Umit Bayram
Med.	82webmaster - Blind Sql Injection behrouz mansoori
Med.	Webmirchi - Blind Sql Injection behrouz mansoori
High	Backdoor.Win32.AsyncRat / Arbitrary Code Execution malvuln
High	TrojanSpy.Win64.EMOTET.A / Arbitrary Code Execution malvuln
Low	Apache mod_proxy_cluster Cross Site Scripting CVE-2023-6710 Mohamed Mounir Boudjema
Low	Leafpub 1.1.9 Cross Site Scripting Ahmet Umit Bayram
2024-05-13
Med.	Kemp LoadMaster Local sudo Privilege Escalation bwatters-r7
Med.	Panel.SmokeLoader / Cross Site Request Forgery (CSRF) - Persistent XSS malvuln
Low	Esteghlal F.C. Cross Site Scripting E1.Coders

Dorks

2024-05-16
CVE-2023-48643	Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives config...
CVE-2024-34273	njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.
CVE-2024-34751	Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.
CVE-2024-34760	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.
CVE-2024-34805	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.
CVE-2024-34808	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.
CVE-2024-35176	REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't par...
CVE-2024-35185	Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the RE...
CVE-2024-35187	Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to ...
CVE-2024-3640	An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access?? possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor need...

2024-05-16
Med.	VSP Softtech - Blind Sql Injection "Developed by VSP Softtech"	behrouz mansoori
2024-05-14
Med.	82webmaster - Blind Sql Injection "Design & Developed By: 82webmaster"	behrouz mansoori
Med.	Webmirchi - Blind Sql Injection "Powered by Webmirchi"	behrouz mansoori
2024-05-12
Med.	Castel Digital Authentication Bypass "Castel Digital"	CCA469
2024-05-06
Med.	Kobiz Design - Sql Injection "Desing by Kobiz Design Co"	behrouz mansoori

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-16

Med.

Med.

Med.

2024-05-14

Low

Med.

Med.

High

High

Low

Low

2024-05-13

Med.

Med.

Low

The latest CVEs

2024-05-16

Dorks

2024-05-16

Med.

2024-05-14

Med.

Med.

2024-05-12

Med.

2024-05-06

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations