Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
recently project recently vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated malicious users to upload arbitrary files on the ...
Recently Project Recently
4.3
CVSSv2
CVE-2022-31094
ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project tha...
Scratchstatus Scratchtools
5
CVSSv2
CVE-2005-1513
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
Qmail Project Qmail -
Canonical Ubuntu Linux 20.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
4.3
CVSSv2
CVE-2015-8861
The handlebars package prior to 4.0.0 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Handlebars.js Project Handlebars.js
1 Github repository
4.3
CVSSv2
CVE-2015-8862
mustache package prior to 2.2.1 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Mustache.js Project Mustache.js
4.3
CVSSv2
CVE-2019-20503
usrsctp prior to 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Usrsctp Project Usrsctp
1 Article
7.5
CVSSv2
CVE-2000-0419
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote malicious users to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
Microsoft Photodraw 2000 1.0
Microsoft Powerpoint 2000
Microsoft Project 2000
Microsoft Access 2000
Microsoft Word 2000
Microsoft Works 2000
Microsoft Office 2000
Microsoft Outlook 2000
Microsoft Excel 2000
Microsoft Frontpage 2000
5
CVSSv2
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known...
Apache Http Server 2.4.49
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Netapp Cloud Backup -
1 Article
5
CVSSv2
CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache prior to 2.4.STABLE7 allows remote malicious users to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Openpkg Openpkg 2.1
Openpkg Openpkg 2.2
Squid Squid 2.4 .stable2
Squid Squid 2.4 .stable6
Squid Squid 3.0 Pre2
Squid Squid 3.0 Pre3
Openpkg Openpkg Current
Squid Squid 2.0 Patch2
Squid Squid 2.4 .stable7
Squid Squid 2.5 .stable1
Squid Squid 2.5 .stable3
Squid Squid 2.3 .stable5
Squid Squid 2.4
Squid Squid 2.5 .stable6
Squid Squid 3.0 Pre1
Squid Squid 2.1 Patch2
Squid Squid 2.3 .stable4
Squid Squid 2.5 .stable4
Squid Squid 2.5 .stable5
Ubuntu Ubuntu Linux 4.1
Gentoo Linux
Trustix Secure Linux 2.0
4.3
CVSSv2
CVE-2006-4568
Mozilla Firefox prior to 1.5.0.7 and SeaMonkey prior to 1.0.5 allows remote malicious users to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
Mozilla Firefox
Mozilla Seamonkey
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »