Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv2
CVE-2021-40776
Adobe Lightroom Classic 10.3 (and previous versions) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product in...
Adobe Lightroom
3.5
CVSSv2
CVE-2021-29432
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
Matrix Sydent
NA
CVE-2024-23681
Artemis Java Test Sandbox versions prior to 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed cod...
Ls1intum Artemis Java Test Sandbox
NA
CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Ls1intum Artemis Java Test Sandbox
5
CVSSv2
CVE-2017-17553
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow malicious users to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Br...
Changyou Dolphin 12.0.2
6
CVSSv2
CVE-2021-40708
Adobe Genuine Service versions 7.3 (and previous versions) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction ...
Adobe Genuine Service
6.5
CVSSv2
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.
Vfairs Vfairs 3.3
6
CVSSv2
CVE-2021-36043
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code exe...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
4.3
CVSSv2
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
3.5
CVSSv2
CVE-2022-30289
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI up to and including 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.
Citeum Opencti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »