Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vapor vapor vulnerabilities and exploits
(subscribe to this query)
765
VMScore
CVE-2007-0388
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and previous versions, and 2.3.6 and previous versions in the 2.x series, allows remote malicious users to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
Woltlab Burning Board
3 EDB exploits
755
VMScore
CVE-2010-4861
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote malicious users to execute arbitrary SQL commands via the search parameter.
Webspell Webspell 4.2.1
1 EDB exploit
570
VMScore
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Va...
Vapor Project Vapor
445
VMScore
CVE-2022-31019
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][...
Vapor Vapor
445
VMScore
CVE-2022-31005
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware...
Vapor Vapor
445
VMScore
CVE-2021-21328
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will c...
Vapor Project Vapor
383
VMScore
CVE-2021-37634
Leafkit is a templating language with Swift-inspired syntax. Versions before 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags a...
Vapor Leafkit
356
VMScore
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.
Vapor Project Vapor
NA
CVE-2024-21631
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor...
Vapor Vapor
NA
CVE-2023-44386
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84....
Vapor Vapor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »