Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amirhossein bahramizadeh vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated malicious users to modify the plu...
Wp Sticky Social Project Wp Sticky Social
1 EDB exploit
4.5
CVSSv3
CVE-2023-23408
Azure Apache Ambari Spoofing Vulnerability
Microsoft Azure Hdinsights -
1 EDB exploit
6.1
CVSSv3
CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin prior to 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Heator Social Share\\, Social Login And Social Comments
1 EDB exploit
7
CVSSv3
CVE-2023-25187
An issue exists on NOKIA Airscale ASIKA Single RAN devices prior to 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH s...
Nokia Asika Airscale Firmware 19b
Nokia Asika Airscale Firmware 20a
Nokia Asika Airscale Firmware 20b
Nokia Asika Airscale Firmware 20c
Nokia Asika Airscale Firmware 21a
1 EDB exploit
7.5
CVSSv3
CVE-2023-30198
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.
Webbax Winbizpayment
1 EDB exploit
8.1
CVSSv3
CVE-2023-28288
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server 2013
Microsoft Sharepoint Server 2016
Microsoft Sharepoint Server -
1 EDB exploit
7.8
CVSSv3
CVE-2023-28293
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 20h2
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1809
Microsoft Windows 10 1607
Microsoft Windows 11 21h2
1 EDB exploit
7.8
CVSSv3
CVE-2023-32479
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions before 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vu...
Dell Encryption
Dell Endpoint Security Suite Enterprise
Dell Security Management Server
9.8
CVSSv3
CVE-2023-33592
Lost and Found Information System v1.0 exists to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
Oretnom23 Lost And Found Information System 1.0
1 Github repository
8.1
CVSSv3
CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with al...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Wordpress Wordpress 5.4
Wordpress Wordpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »