Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
link vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2007-3347
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote malicious users to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
D-link Dph-541 1.00.03
D-link Dph-540 1.00.14
D-link Dph-540 1.00.03
D-link Dph-541 1.00.14
7.8
CVSSv2
CVE-2007-3348
The D-Link DPH-540/DPH-541 phone allows remote malicious users to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
D-link Dph-541 1.00.03
D-link Dph-540 1.00.14
D-link Dph-540 1.00.03
D-link Dph-541 1.00.14
3.5
CVSSv2
CVE-2022-1645
The Amazon Link WordPress plugin up to and including 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Amazon Link Project Amazon Link
NA
CVE-2022-4199
The Link Library WordPress plugin prior to 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
Link Library Project Link Library
4.3
CVSSv2
CVE-2021-25091
The Link Library WordPress plugin prior to 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Link Library Project Link Library
4.3
CVSSv2
CVE-2021-25092
The Link Library WordPress plugin prior to 7.2.8 does not have CSRF check when resetting library settings, allowing malicious users to make a logged in admin reset arbitrary settings via a CSRF attack
Link Library Project Link Library
5
CVSSv2
CVE-2021-25093
The Link Library WordPress plugin prior to 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request
Link Library Project Link Library
10
CVSSv2
CVE-2018-19987
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the...
D-link Dir-818lw Firmware 2.05.b03
D-link Dir-822 Firmware 202krb06
Dlink Dir-822 Firmware 3.10b06
D-link Dir-860l Firmware 2.03.b03
D-link Dir-868l Firmware 2.05b02
D-link Dir-880l Firmware 1.20b01 01 I3se
D-link Dir-890l\\/r Firmware 1.21b02
2 Github repositories
7.5
CVSSv2
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
6.5
CVSSv2
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »