Vulmon
vulnerabilities and exploits
4.4
CVSSv3
CVE-2022-27599
An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors...
Qnap Qvr Pro Client
8.1
CVSSv3
CVE-2022-27607
Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531.
Axiosys Bento4 1.6.0-639
6
CVSSv3
CVE-2022-27609
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
Forcepoint One Endpoint
8.1
CVSSv3
CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station prior to 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Synology Audio Station
8.8
CVSSv3
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server prior to 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
Synology Carddav Server
7.5
CVSSv3
CVE-2022-27614
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server prior to 1.8.1-2876 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Media Server
5.4
CVSSv3
CVE-2023-46782
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
Chrisyee Momentopress For Momento360
5.4
CVSSv3
CVE-2023-46783
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
Brightplugins Pre-orders For Woocommerce
NA
CVE-2023-46784
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ...
8.8
CVSSv3
CVE-2022-26670
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.
Dlink Dir-878 Firmware