first project first - vulnerabilities and exploits
5
CVSSv2
CVE-2018-10769
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow malicious users to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the sa...
Smartmesh Project Smartmesh -
Ugtoken Project Ugtoken -
Gg Token Project Gg Token -
First Project First -
Mtc Project Mtc -
Mesh Project Mesh -
5.8
CVSSv2
CVE-2016-5672
Intel Crosswalk prior to 19.49.514.5, 20.x prior to 20.50.533.11, 21.x prior to 21.51.546.0, and 22.x prior to 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which ...
Intel Crosswalk
5
CVSSv2
CVE-2017-13712
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows malicious users to perform Denial of Service by triggering a NULL first argument.
Lame Project Lame 3.99.5
4.6
CVSSv2
CVE-2020-7615
fsa up to and including 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
Fsa Project Fsa
3.5
CVSSv2
CVE-2020-35328
Courier Management System 1.0 - 'First Name' Stored XSS
Courier Management System Project Courier Management System 1.0
3.5
CVSSv2
CVE-2018-20636
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
Chartered Accountant \\ Auditor Website Project Chartered Accountant \\
5
CVSSv2
CVE-2021-43620
An issue exists in the fruity crate up to and including 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the stri...
Fruity Project Fruity 0.1.0
Fruity Project Fruity 0.2.0
3.5
CVSSv2
CVE-2010-1548
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x prior to 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=c...
Chaos Tool Suite Project Ctools 6.x-1.3
Chaos Tool Suite Project Ctools 6.x-1.0
Chaos Tool Suite Project Ctools 6.x-1.x
Chaos Tool Suite Project Ctools 6.x-1.2
Chaos Tool Suite Project Ctools 6.x-1.1
10
CVSSv2
CVE-2014-9682
The dns-sync module prior to 0.1.1 for node.js allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
Dns-sync Project Dns-sync
NA
CVE-2022-36943
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.
Ssziparchive Project Ssziparchive