Vulmon
karma vulnerabilities and exploits
5.8
CVSSv2
CVE-2021-23495
The package karma prior to 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Karma Project Karma
4.3
CVSSv2
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma before 6.3.14.
Karma Project Karma
7.5
CVSSv2
CVE-2020-7626
karma-mojo up to and including 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
Karma-mojo Project Karma-mojo
NA
CVE-2022-37602
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
Grunt-karma Project Grunt-karma 4.0.1
7.5
CVSSv2
CVE-2018-18399
SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote malicious user to execute arbitrary SQL commands via the "id" parameter.
Jco Karma 6.0.0
4.3
CVSSv2
CVE-2011-4090
Serendipity prior to 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
S9y Serendipity
1 EDB exploit
4.3
CVSSv2
CVE-2008-6275
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x prior to 5.x-1.13 and 6.x prior to 6.x-1.0-beta1, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified messages.
Drupal User Karma Module 5.x-1.10
Drupal User Karma Module
Drupal User Karma Module 5.x-1.9
Drupal User Karma Module 5.x-1.xdev
Drupal User Karma Module 5.x-1.2
Drupal User Karma Module 5.x-1.3
Drupal User Karma Module 5.x-1.4
Drupal User Karma Module 5.x-1.5
Drupal User Karma Module 5.x-1.6
Drupal User Karma Module 5.x-1.1
Drupal User Karma Module 5.x-1.7
Drupal User Karma Module 5.x-1.8
6.5
CVSSv2
CVE-2008-6276
Multiple SQL injection vulnerabilities in the User Karma module 5.x prior to 5.x-1.13 and 6.x prior to 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
Drupal User Karma Module 5.x-1.10
Drupal User Karma Module 5.x-1.2
Drupal User Karma Module 5.x-1.9
Drupal User Karma Module 5.x-1.xdev
Drupal User Karma Module 5.x-1.3
Drupal User Karma Module 5.x-1.4
Drupal User Karma Module 6.x-1.xdev
Drupal User Karma Module 5.x-1.12
Drupal User Karma Module 5.x-1.5
Drupal User Karma Module 5.x-1.6
Drupal User Karma Module 5.x-1.1
Drupal User Karma Module 5.x-1.7
Drupal User Karma Module 5.x-1.8
4.3
CVSSv2
CVE-2012-2436
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS prior to 1.2.2 allow remote malicious users to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module...
Pligg Pligg Cms 9.9
Pligg Pligg Cms
Pligg Pligg Cms 1.0.2
Pligg Pligg Cms 1.0.0
Pligg Pligg Cms 1.1.2
Pligg Pligg Cms 1.2.0
Pligg Pligg Cms 9.5
Pligg Pligg Cms 9.9.5
Pligg Pligg Cms 1.1.4
Pligg Pligg Cms 9.9.0
Pligg Pligg Cms 1.0.3
Pligg Pligg Cms 1.0.4
Pligg Pligg Cms 1.1.3
Pligg Pligg Cms 1.1.5
Pligg Pligg Cms 1.1.0
Pligg Pligg Cms 1.0.1
1 EDB exploit
5
CVSSv2
CVE-2006-0306
The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA S...
Ca Unicenter Remote Control 6.0 Build 6.0.56.3
Ca Unicenter Remote Control 6.0
Ca Unicenter Remote Control 6.0 Build 6.0.74
Broadcom Brightstor Mobile Backup R4.0
Broadcom Brightstor Arcserve Backup Laptops Desktops 11.0
Broadcom Brightstor Arcserve Backup Laptops Desktops 11.1
Broadcom Business Protection Suite 2.0
Broadcom Desktop Protection Suite 2.0
Broadcom Server Protection Suite 2
Broadcom Unicenter Remote Control 5.2
Broadcom Unicenter Remote Control 6.0
1 EDB exploit