Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: 0
Last month: 31
Current month: 33
Total: 41564

CVE database

Last Update: 40
Last month: 0
Current month: 0
Total CVE: 264299

Random comment
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerabi...
clbbed_to_dth
Hello, I would like to contact you, nu11secur1ty. It is not about this exploit publication, but rather to ask some questions concerning all the Vuln DBs you participate in. If you would like to answer some questions, c...


The latest CVEs

Dorks

2024-10-23
CVE-2024-50066
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race. In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in ...
CVE-2024-9829
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2024-9583
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-9947
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if th...
CVE-2024-10045
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site admini...
CVE-2024-43924
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
CVE-2024-9530
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
CVE-2024-31880
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
CVE-2024-9927
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPre...
CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users ...
2025-07-07
Med.
MikroTik RouterOS < v7.0 - Reflected XSS in UserManager
Ahmed Mutaher
ahmed Mutaher
2025-06-29
Low
Pitamaas - Sql Injection
"Designed & Developed by: Pitamaas"
behrouz mansoori
2025-06-20
Med.
MOBOTIX IP cameras Unauthenticated access
intext:"© 2001-2025 MOBOTIX" -site:*.* -inurl:www
hasanwlip
2025-06-10
Med.
WordPress Digits Plugin 8.4.6.1 Authentication Bypass via OTP Bruteforcing (CVE-2025-4094)
inurl:/wp-content/plugins/digits/
Saleh Tarawneh
2025-06-04
Med.
CloudClassroom PHP Project 1.0 SQL Injection (CVE-2025-45542)
nurl:CloudClassroom-PHP-Project-master
Sanjay Singh

Copyright 2025, cxsecurity.com

 
