Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery jquery vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-1155
In SecurityCenter versions before 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated malicious user to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented t...
Tenable Securitycenter
7.5
CVSSv3
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
6.5
CVSSv3
CVE-2019-15845
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 mishandles path checking within File.fnmatch functions.
Ruby-lang Ruby
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
7.5
CVSSv3
CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or u...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Mysql
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Mysql Enterprise Monitor
Oracle Mysql Workbench
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager For Storage Management 13.3.0.0
Oracle Mysql Connectors
Oracle Enterprise Manager For Storage Management 13.4.0.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Application Server 12.1.3
7 Github repositories
1 Article
7.5
CVSSv3
CVE-2020-10663
The JSON gem up to and including 2.2.0 for Ruby, as used in Ruby 2.4 up to and including 2.4.9, 2.5 up to and including 2.5.7, and 2.6 up to and including 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage...
Json Project Json
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Apple Macos 11.0.1
7 Github repositories
5.3
CVSSv3
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
8.1
CVSSv3
CVE-2019-16255
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to cal...
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
3.3
CVSSv3
CVE-2019-1552
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. F...
Openssl Openssl
NA
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x prior to 6.28 and 7.x prior to 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote malicious users to inject arbitrary web script or HTML via vectors involving unspecified Java...
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.2
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 6.0
Drupal Drupal 6.13
5.4
CVSSv3
CVE-2021-43862
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions before 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques...
Jquery.terminal Project Jquery.terminal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »