Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: 0
Last month: 26
Current month: 8
Total: 41605

Best Hackers:
1. Erdinç ODABAŞ
2. Osman Aydoğan
CVE database

Last Update: 40
Last month: 0
Current month: 0
Total CVE: 264299

Affected
1. mediawiki (5)
2. nifi (4)
3. foxit reader (4)
4. visitor man... (2)
Random comment
Symfony Remote Information Disclosure
sololibre
@Nickert the vulnerability here i think is the configuration leak at the final step of configuration,who said app_dev is the vulnerability ?
Voted
WordPress Plugin WP Publications <= 1.2 - Adm... +1 0
Sitecore XP Post-Authentication File Upload +1 0

2025-09-14
High
Sitecore XP Post-Authentication File Upload CVE-2025-34511
Piotr Bazydlo
Low
database.refugee-integration.bg - CORS-AOT vulnerability
nu11secur1ty
Med.
BarbarBaba-1.0 Copyright©2025-Multiple-SQLi
nu11secur1ty
2025-09-10
Low
INITCMS v6.2.17 - Stored Cross-Site Scripting
Osman Aydoğan
Low
Sales Syntax CMS - Stored Cross-Site Scripting
Erdinç ODABAŞ
2025-09-04
High
GeoVision ASManager Windows Application 6.1.2.0 Remote Code Execution CVE-2025-26264
Giorgi Dograshvili
Low
WordPress Plugin WP Publications <= 1.2 - Admin+ Stored XSS CVE-2024-11605
Zeynalxan Quliyev, Ravan P...
Med.
BarbarBaba 1.0 time-based blind sql injection
Furkan Sezgin
2025-08-28
Med.
DITRP INDIA - Sql Injection
behrouz mansoori
Med.
Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation CVE-2023-3460
Gurjot Singh
Med.
Ghost CMS 5.59.1 Arbitrary File Read CVE-2023-40028
ibrahimsql
Med.
WordPress WP Reactions Box Plugin 1.0 - SQL Injection
bRpsd
Med.
DOS Baby POP3 Server 1.04
Érick Sousa

The latest CVEs

Dorks

2024-10-23
CVE-2024-50066
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in ...
CVE-2024-9829
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2024-9583
The RSS Aggregator ?? RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-9947
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if th...
CVE-2024-10045
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site admini...
CVE-2024-43924
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
CVE-2024-9530
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
CVE-2024-31880
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
CVE-2024-9927
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPre...
CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users ...
2025-09-04
Low
WordPress Plugin WP Publications <= 1.2 - Admin+ Stored XSS( CVE-2024-11605 )
inurl:/wp-content/plugins/wp-publications/
 Zeynalxan Quliyev, Ravan P...
2025-08-28
Med.
DITRP INDIA - Sql Injection
"designed by : DITRP INDIA"
 behrouz mansoori
2025-08-23
Med.
EasyApp Limited - Multiple Vulnerabilities
Powered By EasyApp Limited inurl:app/web
 bRpsd
2025-07-28
Med.
Sudo chroot 1.9.17 Local Privilege Escalation( CVE-2025-32463 )
not aplicable
 Stratascale
2025-07-07
Med.
MikroTik RouterOS < v7.0 - Reflected XSS in UserManager
Ahmed Mutaher
 ahmed Mutaher
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2025, cxsecurity.com

 

Back to Top