CXSECURITY.COM Free Security List

Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected

{{te.id}}. {{te.nameDis}} ({{te.count}})

Random comment

{{ x.title }}
{{ x.auth }}

Voted

{{ x.nameSh }} +{{x.pos}} {{x.neg}}

Check the Bugtraq

2024-05-04
Med.	Sandhya Branding Agency - Blind Sql Injection behrouz mansoori
Med.	Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Disclosure Gjoko 'LiquidWorm' Krstic
High	Microsoft PlayReady Cryptography Weakness Adam Gowdiak
Med.	Webenlive - Sql Injection behrouz mansoori
Low	SOPlanning 1.52.00 Cross Site Scripting liquidsky
Med.	SOPlanning 1.52.00 SQL Injection liquidsky
Low	SOPlanning 1.52.00 Cross Site Request Forgery liquidsky
Med.	BitraTech - Sql Injection behrouz mansoori
Med.	Bigem Teknoloji - Blind Sql Injection behrouz mansoori
2024-05-01
High	Kemp LoadMaster Unauthenticated Command Injection Dave Yesland
Low	Doctor Appointment Management System 1.0 Cross Site Scripting CVE-2024-4293 SoSPiro
Low	osCommerce 4 - Reflected XSS CVE-2024-4348 CraCkEr
Med.	Travel-Manager-OTMSP-1.0 Multiple SQLi nu11secur1ty

The latest CVEs

2024-05-04
CVE-2024-34467	ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.
CVE-2024-34468	Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVE-2024-34469	Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVE-2024-34462	Alinto SOGo through 5.10.0 allows XSS during attachment preview.
CVE-2023-27283	IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.
CVE-2024-34460	The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)
CVE-2024-34461	Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
CVE-2023-7065	The Stop Spammers Security \| Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin...
CVE-2024-1050	The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to dele...
CVE-2024-3868	The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scrip...

Dorks

2024-05-04
Med.	Sandhya Branding Agency - Blind Sql Injection "Powered by : Sandhya Branding Agency"	behrouz mansoori
Med.	Webenlive - Sql Injection "Design: Webenlive"	behrouz mansoori
Med.	BitraTech - Sql Injection "Powered By BitraTech"	behrouz mansoori
Med.	Bigem Teknoloji - Blind Sql Injection "Designed by Bigem Teknoloji"	behrouz mansoori
2024-04-27
Med.	fvgfl - SQL Injection vulnerability "Web Design fvgfl"	Mahdi Karimi

Quick goto:

Bugtraq The latest CVEs Dorks
Search

Bugtraq

CVEMAP

By Author

CVE Id

CWE Id

By vendors

By products

Are you looking CVE for some product?

Top Vendors:
Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla

Full List of Vendors

Top Products:
Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx

Full List of Products

Top CWE:
CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)

Check CWE Dictionary

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and make
Donations

Bugtraq Stats

CVE database

Affected

Random comment

Voted

2024-05-04

Med.

Med.

High

Med.

Low

Med.

Low

Med.

Med.

2024-05-01

High

Low

Low

Med.

The latest CVEs

2024-05-04

Dorks

2024-05-04

Med.

Med.

Med.

Med.

2024-04-27

Med.

Quick goto:

Are you looking CVE for some product?

Top Vendors:

Top Products:

Top CWE:

Donate:

is an open project developed and moderated fully by one independent person.

Help develop the project and makeDonations

Help develop the project and make
Donations