karmainsecurity.com vulnerabilities and exploits
5.3
CVSSv3
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
9.8
CVSSv3
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
NA
CVE-2014-3781
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear prior to 2.6.3 allows remote malicious users to bypass authentication via an empty password in an XML-RPC request.
Dotclear Dotclear
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
6.1
CVSSv3
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 up to and including 4.0.2, from 3.1.0 up to ...
Craftercms Craftercms
8.8
CVSSv3
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
Expressionengine Expressionengine
7.2
CVSSv3
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
6.5
CVSSv3
CVE-2020-8804
SuiteCRM up to and including 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
Salesagility Suitecrm
NA
CVE-2014-3783
SQL injection vulnerability in admin/categories.php in Dotclear prior to 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Dotclear Dotclear 2.6
Dotclear Dotclear 2.5.3
Dotclear Dotclear 2.3.1
Dotclear Dotclear 2.3.0
Dotclear Dotclear 2.1.4
Dotclear Dotclear 2.1.3
Dotclear Dotclear 2.0
Dotclear Dotclear 1.2.8
Dotclear Dotclear 1.2.7
Dotclear Dotclear
Dotclear Dotclear 2.5.0
Dotclear Dotclear 2.4.4
Dotclear Dotclear 2.2.1
Dotclear Dotclear 2.2
Dotclear Dotclear 2.0.2
Dotclear Dotclear 2.0.1
Dotclear Dotclear 1.2.4
Dotclear Dotclear 1.2.3
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.4.3
Dotclear Dotclear 2.4.2
Dotclear Dotclear 2.1.7
8.8
CVSSv3
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm