Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redteam-pentesting.de vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user,...
Pydio Cells
1 Github repository
6.5
CVSSv3
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
5.4
CVSSv3
CVE-2023-32751
Pydio Cells up to and including 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the w...
Pydio Cells
7.5
CVSSv3
CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be prior to 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.0...
Zkteco Zmm200 Firmware
Zkteco Zmm210 Firmware
Zkteco Zmm220 Firmware
Zkteco Zem720 Firmware
Zkteco Zem600 Firmware
Zkteco Zem800 Firmware
Zkteco Zem510 Firmware
Zkteco Zem560 Firmware
Zkteco Zem760 Firmware
Zkteco Zem500 Firmware
5.3
CVSSv3
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
Rws Worldserver
9.8
CVSSv3
CVE-2022-23178
An issue exists on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document wi...
Crestron Hd-md4x2-4k-e Firmware 1.0.0.2159
1 Github repository
6.1
CVSSv3
CVE-2023-0214
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x before 11.2.6, 10.x before 10.2.17, and controlled release 12.x before 12.0.1 allows a remote malicious user to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitr...
Trellix Skyhigh Secure Web Gateway 12.0.0
Trellix Skyhigh Secure Web Gateway
8.1
CVSSv3
CVE-2023-33243
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database g...
Starface Starface
1 Github repository
6.5
CVSSv3
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2019-13553
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow malicious users to influence the primary operations of...
Carel Pcoweb Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »