Vulmon
click project click - vulnerabilities and exploits
9.8
CVSSv3
CVE-2010-10007
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 4...
Click-reminder Project Click-reminder
9.8
CVSSv3
CVE-2021-32984
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and...
Automationdirect C0-10dd1e-d Firmware
Automationdirect C0-10dd2e-d Firmware
Automationdirect C0-10dre-d Firmware
Automationdirect C0-10are-d Firmware
Automationdirect C0-11dd1e-d Firmware
Automationdirect C0-11dd2e-d Firmware
Automationdirect C0-11dre-d Firmware
Automationdirect C0-11are-d Firmware
Automationdirect C0-12dd1e-d Firmware
Automationdirect C0-12dd2e-d Firmware
Automationdirect C0-12dre-d Firmware
Automationdirect C0-12are-d Firmware
Automationdirect C0-12dd1e-1-d Firmware
Automationdirect C0-12dd2e-1-d Firmware
Automationdirect C0-12dre-1-d Firmware
Automationdirect C0-12are-1-d Firmware
Automationdirect C0-12dd1e-2-d Firmware
Automationdirect C0-12dd2e-2-d Firmware
Automationdirect C0-12dre-2-d Firmware
Automationdirect C0-12are-2-d Firmware
9.8
CVSSv3
CVE-2014-3114
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and previous versions for WordPress allows remote malicious users to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.
Ezpz-one-click-backup Project Ezpz-one-click-backup
9.8
CVSSv3
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote malicious users to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu ph...
Click Project Click -
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
8.8
CVSSv3
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in a...
Nextcloud Desktop 3.6.1
8.8
CVSSv3
CVE-2021-25965
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the appli...
Calibre-web Project Calibre-web
8.8
CVSSv3
CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineer...
Csrf Magic Project Csrf Magic
8.6
CVSSv3
CVE-2016-6368
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition due to the Snort process unexpectedly resta...
Cisco Firepower Management Center 6.0.0.0
Cisco Firepower Management Center 6.0.1
Cisco Firepower Management Center 6.0.0
Cisco Firepower Management Center 6.0.0.1
8.1
CVSSv3
CVE-2022-1791
The One Click Plugin Updater WordPress plugin up to and including 2.4.14 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates a...
One Click Plugin Updater Project One Click Plugin Updater
7.8
CVSSv3
CVE-2022-41322
In Kitty prior to 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Kitty Project Kitty
Fedoraproject Fedora 36
Fedoraproject Fedora 37