Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

tempest.com.br vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-38945
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows malicious users to bypass the access control and gain complete access to the application via supplying a crafted URL.
5.4
CVSSv3
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Enviragallery Envira Gallery
6.1
CVSSv3
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
NA
CVE-2023-38944
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows malicious users to bypass the access control and gain complete access to the application via modifying a HTTP header.
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration\\, Backup\\, Staging
NA
CVE-2023-38946
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows malicious users to bypass the access control and gain complete access to the application via supplying a crafted cookie.
6.1
CVSSv3
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
8.8
CVSSv3
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
5.4
CVSSv3
CVE-2020-35581
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
Enviragallery Envira Gallery
5.4
CVSSv3
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a clic...
Liquidfiles Liquidfiles 3.4.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook