Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
h00die vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-46214
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk E...
Splunk Cloud
Splunk Splunk
1 Github repository
9.8
CVSSv3
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vu...
Apache Rocketmq
16 Github repositories
1 Article
7.8
CVSSv3
CVE-2022-37706
enlightenment_sys in Enlightenment prior to 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Enlightenment Enlightenment
5 Github repositories
8.8
CVSSv3
CVE-2020-14321
In Moodle prior to 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
Moodle Moodle
Moodle Moodle 3.9.0
4 Github repositories
7.2
CVSSv3
CVE-2020-8816
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Pi-hole Pi-hole
5 Github repositories
8.8
CVSSv3
CVE-2020-11108
The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data...
Pi-hole Pi-hole
2 Github repositories
8.8
CVSSv3
CVE-2022-1043
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Linux Linux Kernel
9.8
CVSSv3
CVE-2020-35846
Agentejo Cockpit prior to 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Agentejo Cockpit
4 Github repositories
10
CVSSv3
CVE-2019-7609
Kibana versions prior to 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing ...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
16 Github repositories
9.8
CVSSv3
CVE-2020-35847
Agentejo Cockpit prior to 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Agentejo Cockpit
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »