Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cvs vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2002-0844
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD prior to 1.11.2 allows local users to execute arbitrary code.
Distrotech Cvs
4.3
CVSSv2
CVE-2020-2184
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and previous versions allows malicious users to create and manipulate tags, and to connect to an attacker-specified URL.
Jenkins Current Versions Systems
4.3
CVSSv2
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc
4.3
CVSSv2
CVE-2009-3989
Bugzilla prior to 3.0.11, 3.2.x prior to 3.2.6, 3.4.x prior to 3.4.5, and 3.5.x prior to 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote malicious users to obtain sensitive information via requests for (1) CVS/, (2) ...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 3.0.9
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.1
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.10
Mozilla Bugzilla 3.4
4.3
CVSSv2
CVE-2008-1290
ViewVC prior to 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote malicious users to obtain sensitive information.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.3
4.3
CVSSv2
CVE-2007-1287
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote malicious users to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3...
Php Php 4.4.6
Php Php 6.0
Php Php 4.4.4
Php Php 4.4.5
1 EDB exploit
4.3
CVSSv2
CVE-2005-4454
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme...
Livejournal Livejournal
1 EDB exploit
4.3
CVSSv2
CVE-2004-1544
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and previous versions allows remote malicious users to execute arbitrary web script as other users via the query parameter.
Jspwiki Jspwiki 2.1.120
Jspwiki Jspwiki 2.1.121
Jspwiki Jspwiki 2.1.122
3.5
CVSSv2
CVE-2022-29037
Jenkins CVS Plugin 2.19 and previous versions does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Cvs
3.5
CVSSv2
CVE-2020-26256
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched ...
C2fo Fast-csv
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »