Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
recently project recently vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated malicious users to upload arbitrary files on the ...
Recently Project Recently
6.1
CVSSv3
CVE-2022-31094
ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project tha...
Scratchstatus Scratchtools
9.8
CVSSv3
CVE-2005-1513
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
Qmail Project Qmail -
Canonical Ubuntu Linux 20.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
6.1
CVSSv3
CVE-2015-8861
The handlebars package prior to 4.0.0 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Handlebars.js Project Handlebars.js
1 Github repository
6.1
CVSSv3
CVE-2015-8862
mustache package prior to 2.2.1 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Mustache.js Project Mustache.js
6.5
CVSSv3
CVE-2019-20503
usrsctp prior to 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Usrsctp Project Usrsctp
1 Article
NA
CVE-2000-0419
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote malicious users to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
Microsoft Photodraw 2000 1.0
Microsoft Powerpoint 2000
Microsoft Project 2000
Microsoft Access 2000
Microsoft Word 2000
Microsoft Works 2000
Microsoft Office 2000
Microsoft Outlook 2000
Microsoft Excel 2000
Microsoft Frontpage 2000
7.5
CVSSv3
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known...
Apache Http Server 2.4.49
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Netapp Cloud Backup -
1 Article
NA
CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache prior to 2.4.STABLE7 allows remote malicious users to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Openpkg Openpkg 2.1
Openpkg Openpkg 2.2
Squid Squid 2.4 .stable2
Squid Squid 2.4 .stable6
Squid Squid 3.0 Pre2
Squid Squid 3.0 Pre3
Openpkg Openpkg Current
Squid Squid 2.0 Patch2
Squid Squid 2.4 .stable7
Squid Squid 2.5 .stable1
Squid Squid 2.5 .stable3
Squid Squid 2.3 .stable5
Squid Squid 2.4
Squid Squid 2.5 .stable6
Squid Squid 3.0 Pre1
Squid Squid 2.1 Patch2
Squid Squid 2.3 .stable4
Squid Squid 2.5 .stable4
Squid Squid 2.5 .stable5
Ubuntu Ubuntu Linux 4.1
Gentoo Linux
Trustix Secure Linux 2.0
NA
CVE-2006-4568
Mozilla Firefox prior to 1.5.0.7 and SeaMonkey prior to 1.0.5 allows remote malicious users to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
Mozilla Firefox
Mozilla Seamonkey
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »