Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
charm charm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend...
Charm Charm
4.3
CVSSv2
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
Jhu Charm 0.43
4.3
CVSSv2
CVE-2009-0763
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote malicious users to inject arbitrary web script or HTML via the charm parameter.
Bookelves Kipper 2.01
1 EDB exploit
4.3
CVSSv2
CVE-2009-0764
Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote malicious users to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
Bookelves Kipper 2.01
1 EDB exploit
4
CVSSv2
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
Jhu Charm 0.43
NA
CVE-2023-43809
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote malicious user to bypass public key authentication when keyboard-interactive SSH authentication is active, through ...
Charm Soft Serve
NA
CVE-2022-36830
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local malicious users to access files without permission via implicit intent.
Samsung Charm Firmware
NA
CVE-2022-36836
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows malicious users to read connection state without permission.
Samsung Charm Firmware
NA
CVE-2022-33734
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows malicious user to get bluetooth connection information without permission.
Samsung Charm
NA
CVE-2022-36829
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local malicious users to access files without permission via implicit intent.
Samsung Charm Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »