Vulmon
commons vulnerabilities and exploits
NA
CVE-2023-26055
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in ...
Xwiki Commons 3.1
Xwiki Commons 3.1.1
Xwiki Commons
Xwiki Commons 14.4
5
CVSSv2
CVE-2017-9801
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 up to and including 1.4, the caller can add arbitrary SMTP headers.
Apache Commons Email 1.3.3
Apache Commons Email 1.2
Apache Commons Email 1.4
Apache Commons Email 1.3.2
Apache Commons Email 1.0
Apache Commons Email 1.3.1
Apache Commons Email 1.3
Apache Commons Email 1.1
3.3
CVSSv2
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Apache Commons Fileupload 1.0
Apache Commons Fileupload 1.1
Apache Commons Fileupload 1.1.1
Apache Commons Fileupload 1.2
Apache Commons Fileupload 1.2.1
Apache Commons Fileupload 1.2.2
2 Github repositories
NA
CVE-2023-36471
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can b...
Xwiki Commons
Xwiki Commons 15.0
Xwiki Commons 15.1
4.3
CVSSv2
CVE-2014-8747
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x prior to 7.x-3.9 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.
Drupal Commons 7.x-3.4
Drupal Commons 7.x-3.8
Drupal Commons 7.x-3.7
Drupal Commons 7.x-3.3
Drupal Commons 7.x-3.6
Drupal Commons 7.x-3.5
5
CVSSv2
CVE-2012-4483
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x prior to 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote m...
Acquia Commons 6.x-2.6
Acquia Commons 6.x-2.5
Acquia Commons 6.x-2.x
Acquia Commons 6.x-2.4
Acquia Commons 6.x-2.7
NA
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code an...
Xwiki Commons 4.2
Xwiki Commons
5
CVSSv2
CVE-2013-1907
The Commons Group module prior to 7.x-3.1 for Drupal, as used in the Commons module prior to 7.x-3.1, does not properly restrict access to groups, which allows remote malicious users to post arbitrary content to groups via unspecified vectors.
Acquia Commons Group
Acquia Commons
Acquia Commons Group 7.x-3.x
Acquia Commons 7.x-3.x
6.8
CVSSv2
CVE-2014-3604
Certificates.java in Not Yet Commons SSL prior to 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbit...
Not Yet Commons Ssl Project Not Yet Commons Ssl
8.5
CVSSv2
CVE-2007-4364
Fedora Commons prior to 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote malicious users to trigger a certain ...
Fedoraproject Commons