Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tempest.com.br vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38945
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows malicious users to bypass the access control and gain complete access to the application via supplying a crafted URL.
5.4
CVSSv3
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Enviragallery Envira Gallery
6.1
CVSSv3
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
Phpipam Phpipam 1.4.4
NA
CVE-2023-38944
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows malicious users to bypass the access control and gain complete access to the application via modifying a HTTP header.
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration\\, Backup\\, Staging
NA
CVE-2023-38946
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows malicious users to bypass the access control and gain complete access to the application via supplying a crafted cookie.
6.1
CVSSv3
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
8.8
CVSSv3
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
5.4
CVSSv3
CVE-2020-35581
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
Enviragallery Envira Gallery
5.4
CVSSv3
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a clic...
Liquidfiles Liquidfiles 3.4.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »