Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canto canto vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2013-7416
canto_curses/guibase.py in Canto Curses prior to 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Canto Canto Curses
Canto Canto Curses 0.9.0
Canto Canto Curses 0.8.4
NA
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated malicious users to include and execute arbitrary remote code on the server, provided that allow_url_...
Canto Canto
2 Github repositories
NA
CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus up to and including 11.1.3 allows malicious users to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
Canto Canto
505
VMScore
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
505
VMScore
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
445
VMScore
CVE-2020-24063
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
Canto Canto 1.3.0
505
VMScore
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
NA
CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a up to and including 3.0.7.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started