<H2> Check the Bugtraq
2023-05-28
Low
Webkul Qloapps 1.5.2 Cross Site Scripting CVE-2023-30256
Astik Rawat
High
GetSimple CMS 3.3.16 Shell Upload CVE-2022-41544
Youssef Muhammad
Med.
JetSınav SQL Injection + Default Password Vulnerability
BQX
Low
SCM Manager 1.60 Cross Site Scripting CVE-2023-33829
neg0x
Med.
Screen SFT DAB 600/C Authentication Bypass Admin Password Change
LiquidWorm
Low
TinyWebGallery v2.5 Remote Code Execution (RCE)
Mirabbas Ağalarov
2023-05-27
High
Yank Note 3.52.1 Arbitrary Code Execution CVE-2023-31874
8bitsec
Med.
Stackposts Social Marketing Tool v1.0 SQL Injection
Ahmet Ümit BAYRAM
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
Ege Balci
Med.
Ulicms 2023.1 Create Administrator
Mirabbas Agalarov
Low
Zenphoto 1.6 Cross Site Scripting
Mirabbas Agalarov
High
Laravel 10.11 Database Disclosure / Information Disclosure
indoushka
Low
WBCE CMS 1.6.1 Cross Site Scripting
Mirabbas Agalarov
The latest CVEs 2023-05-29
CVE-2021-4336
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080f...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)
CVE-2023-31873
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CVE-2023-32763
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2022-36345
Cross-Site Request Forgery (CSRF) vulnerability in metagauss Download Plugin </H2> |
<H2> The latest CVEs </H2> |
<H2> Dorks </H2> |
<H4> Top Vendors: </H4> |
<H4> Top Products: </H4> |
<H4> Top CWE:
CWE-89 (SQL Injection)
CWE-79 (XSS)
CWE-119 (Buffer Overflow)
CWE-22 (Path Traversal)
Check CWE Dictionary
</H4> |
<H5> CVE-2023-33926 </H5> |
<H5> 2023-05-28 </H5> |
<H5> CVE-2023-32958 </H5> |
<H5> CVE-2023-33212 </H5> |
<H5> CVE-2023-33309 </H5> |
<H6> Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin </H6> |
<H6> Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin </H6> |
<H6> Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder - Dynamic Blocks Form Builder plugin </H6> |
<H6> Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin </H6> |
<H6> 2023-05-28 </H6> |
<H6>
Med. </H6> |
<H6> JetSınav SQL Injection + Default Password Vulnerability allintext:"Powered by Jetsınav" </H6> |
<H6>
Low </H6> |
<H6> SCM Manager 1.60 Cross Site Scripting (CVE-2023-33829) intitle:"SCM Manager" intext:1.60 </H6> |
<H6> 2023-05-21 </H6> |
<H6>
Low </H6> |
<H6> Siemens SIMATIC S7-1200 Cross Site Request Forgery (CVE-2015-5698) inurl:/Portal/Portal.mwsl </H6> |
<H6> 2023-04-25 </H6> |
<H6>
Med. </H6> |
<H6> Sophos Web Appliance 4.3.10.4 Pre-auth command injection (CVE-2023-1671) title:"Sophos Web Appliance" </H6> |
<H6> 2023-04-23 </H6> |
<H6>
Med. </H6> |
<H6> Bluesoft Infotech - Sql Injection Vulnerability "Designed by Bluesoft Infotech" </H6> |
<H6>
Linux Kernel
Mac OS X
Windows XP
Windows 10
Flash Player
Adobe Reader
PHP
JRE
JDK
Wordpress
Joomla
Chrome
IE
Firefox
Safari
HTTPD
Tomcat
Nginx
</H6> |
<H6> is an open project developed and moderated fully by one independent person. </H6> |