Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
click project click - vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2023_46805
Penetration testing of https://ris.ucll.be/ Tools used Nmap It looks like the host is running on Azure since the ports are open by default 1221 and 8172. This is also indicated by the fingerprint Microsoft Azure Web App. The Python webserver being used is Gunicorn, it is a Unix b...
1 Github repository
6.1
CVSSv3
CVE-2023-50630
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote malicious user to execute arbitrary code via a crafted script to the click here function.
Teamwork Management System Project Teamwork Management System 2.28.0
6.1
CVSSv3
CVE-2023-5701
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block&g...
Vnote Project Vnote
4.8
CVSSv3
CVE-2022-47158
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <= 1.1.7 versions.
Alfred24 Click \\& Collect Project Alfred24 Click \\& Collect
4.8
CVSSv3
CVE-2023-22724
GLPI is a Free Asset and IT Management Software package. Versions before 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to vi...
Glpi-project Glpi
9.8
CVSSv3
CVE-2010-10007
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 4...
Click-reminder Project Click-reminder
8.8
CVSSv3
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in a...
Nextcloud Desktop 3.6.1
7.8
CVSSv3
CVE-2022-41322
In Kitty prior to 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Kitty Project Kitty
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.4
CVSSv3
CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the w...
Onedev Project Onedev
8.1
CVSSv3
CVE-2022-1791
The One Click Plugin Updater WordPress plugin up to and including 2.4.14 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates a...
One Click Plugin Updater Project One Click Plugin Updater
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »