Welcome to cxsecurity. enjoy

The latest CVEs

2024-09-17
CVE-2024-4283
An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.
CVE-2024-6685
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.
2024-09-16
CVE-2024-22013
U-Boot environment is read from unauthenticated partition.
CVE-2024-34016
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.
CVE-2024-42794
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
CVE-2024-42795
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
CVE-2024-42796
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVE-2024-42798
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
CVE-2024-44445
An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833. Attackers are able to perform state manipulation attacks by borrowing a large amount of money and then using this amount to inflate the token balance in the token pair, leading to increased profits without cost.
CVE-2024-45800
Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to "fix&...

Dorks

2024-08-08
Low
WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated) (CVE-2022-2941)
inurl:/wp-content/plugins/wp-useronline/
Onur Göğebakan
2024-07-24
Med.
SRDB WordPress Replace Title (Multiple CVE)
Search-Replace-DB-master
Demon King
Med.
Designed by Winzone Softech" Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
Xplo5ionS
2024-07-22
Med.
Technocracy Softwares Pvt. Ltd Bypass Admin With Noredirect
"Designed by Technocracy Softwares Pvt. Ltd"
Xplo5ionS
2024-07-15
Med.
lajeh - SQL Injection vulnerability
"Powered by lajeh"
Mahdi Karimi

Copyright 2024, cxsecurity.com