Vulmon
client application access vulnerabilities and exploits
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
NA
CVE_2021_38647
CVE-2021-38647 AKA "OMIGOD" A Zeek package which detects CVE-2021-38647 AKA OMIGOD exploit attempts. https://corelight.com/blog/detecting-cve-2021-38647-omigod https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure https://msrc.microsoft.com/update-guide/v...
1 Github repository
NA
CVE-2024-0727
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can con...
Openssl Openssl
Openssl Openssl 3.2.0
NA
CVE-2024-22432
Networker 19.9 and all prior versions contain a plain-text password stored in a temporary config file during backup duration in NMDA MySQL Database backups. A user with low-privilege access to the Networker Client system could potentially exploit this vulnerability, leading to the discl...
Dell Networker
NA
CVE-2023-6817
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packe...
Linux Linux Kernel 6.7
Linux Linux Kernel
NA
CVE-2023-6660
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replac...
Freebsd Freebsd 13.2
Freebsd Freebsd 14.0
NA
CVE-2023-6593
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and previous versions on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
Devolutions Remote Desktop Manager
NA
CVE-2023-49805
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their clie...
Dockge.kuma Dockge
Uptime.kuma Uptime Kuma
NA
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
NA
CVE-2023-44689
e-Gov Client Application (Windows version) versions before 2.1.1.0 and e-Gov Client Application (macOS version) versions before 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. ...
E-gov E-gov