Vulmon
sec consult vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-9153
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows a malicious user to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Openpgpjs Openpgpjs
5.9
CVSSv3
CVE-2019-9155
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
Openpgpjs Openpgpjs
9.8
CVSSv3
CVE-2020-27179
konzept-ix publiXone prior to 2020.015 allows malicious users to take over arbitrary user accounts by crafting password-reset tokens.
Konzept-ix Publixone
7.5
CVSSv3
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows a malicious user to pass off unsigned data as signed.
Openpgpjs Openpgpjs
7.5
CVSSv3
CVE-2020-27180
konzept-ix publiXone prior to 2020.015 allows malicious users to download files by iterating over the IXCopy fileID parameter.
Konzept-ix Publixone
9.8
CVSSv3
CVE-2020-27183
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone prior to 2020.015 allows malicious users to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
Konzept-ix Publixone
6.5
CVSSv3
CVE-2020-27181
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone prior to 2020.015 allows malicious users to craft password-reset tokens or decrypt server-side configuration files.
Konzept-ix Publixone
6.1
CVSSv3
CVE-2020-27182
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone prior to 2020.015 allow remote malicious users to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
Konzept-ix Publixone
7.5
CVSSv3
CVE-2021-27224
The WPG plugin prior to 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote malicious users to execute arbitrary code.
Irfanview Wpg
7.5
CVSSv3
CVE-2020-15592
SteelCentral Aternity Agent prior to 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among ...
Riverbed Steelcentral Aternity Agent