Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}

Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2024-03-28
High
High
Med.
2024-03-27
High
High
Med.
2024-03-26
Med.
Low
Med.
High
Med.
Low
2024-03-24
High

The latest CVEs

2024-03-29
CVE-2024-1729
Th password check condition is vulnerable to timing attack to guess the password
CVE-2024-2475
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2024-2841
The Otter Blocks ?? Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it pos...
CVE-2024-3077
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2024-2842
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributo...
CVE-2024-2844
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
CVE-2024-0608
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
CVE-2024-0609
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

Dorks

2024-03-24
Med.
Chenarkhayyam - Sql Injection And Waf , Cdn Bypass
"طراحی شده توسط سایت چنار خیام"
parsa rezaie khiabanloo
2024-03-20
High
SolarView Compact 6.00 Command Injection( CVE-2023-23333 )
http.html:"solarview compact"
ByteHunter
2024-03-16
Med.
Webenlive - Blind Sql Injection
"Design: Webenlive"
behrouz mansoori
High
Schneider Electric v1.0 - Directory traversal & Broken Authentication
inurl:/scada-vis
parsa rezaie khiabanloo
Med.
SiteOmat Fueling System - Default Password
intitle:"SiteOmat Loader"
Parsa rezaie khiabanloo

Copyright 2024, cxsecurity.com

 

Back to Top