Vulmon
evaluate project evaluate vulnerabilities and exploits
NA
CVE-2022-3753
The Evaluate WordPress plugin up to and including 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in mu...
Evaluate Project Evaluate
5
CVSSv2
CVE-2017-16023
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 up to and including 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
Decamelize Project Decamelize 1.1.1
Decamelize Project Decamelize 1.1.0
NA
CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.
Uflo Project Uflo
7.5
CVSSv2
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Static-eval Project Static-eval
NA
CVE-2023-26912
Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local malicious users to execute arbitrary code via the evaluate button.
S-mall-ssm Project S-mall-ssm
4.3
CVSSv2
CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in ...
Tinyshop Project Tinyshop 1.2.0
4
CVSSv2
CVE-2009-5136
The policy definition evaluator in Condor prior to 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
Condor Project Condor
Condor Project Condor 7.4.0
Redhat Enterprise Mrg 1.0.2
Redhat Enterprise Mrg 1.1.1
Redhat Enterprise Mrg 1.0
Redhat Enterprise Mrg 1.0.1
Redhat Enterprise Mrg 1.0.3
Redhat Enterprise Mrg 1.1.2
Redhat Enterprise Mrg 1.2
Redhat Enterprise Mrg 1.2.2
NA
CVE-2022-23554
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswag...
Alpine Project Alpine
6.4
CVSSv2
CVE-2021-28918
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote malicious users to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on...
Netmask Project Netmask
1 Article
NA
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue ce...
Openssl Openssl
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Nodejs Node.js 19.0.0
Nodejs Node.js 18.12.0
Nodejs Node.js
24 Github repositories
1 Article