link vulnerabilities and exploits
3.5
CVSSv2
CVE-2022-1645
The Amazon Link WordPress plugin up to and including 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Amazon Link Project Amazon Link
4.3
CVSSv2
CVE-2021-25091
The Link Library WordPress plugin prior to 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Link Library Project Link Library
4.3
CVSSv2
CVE-2021-25092
The Link Library WordPress plugin prior to 7.2.8 does not have a CSRF check when resetting library settings, allowing malicious users to make a logged-in admin reset arbitrary settings via a CSRF attack.
Link Library Project Link Library
5
CVSSv2
CVE-2014-9350
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote malicious users to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
Tp-link Tl-wr740n Firmware 3.16.6
Tp-link Tl-wr740n Firmware 3.16.4
Tp-link Tl-wr740n Firmware 3.17.0
Tp-link Tl-wr740n 4
1 EDB exploit
NA
CVE-2023-26801
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.
Lb-link Bl-lte300 Firmware 1.0.8
Lb-link Bl-x26 Firmware 1.2.5
Lb-link Bl-wr9000 Firmware 2.4.9
Lb-link Bl-ac1900 Firmware 1.0.1
7.8
CVSSv2
CVE-2007-3347
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote malicious users to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
D-link Dph-541 1.00.03
D-link Dph-540 1.00.14
D-link Dph-540 1.00.03
D-link Dph-541 1.00.14
7.8
CVSSv2
CVE-2007-3348
The D-Link DPH-540/DPH-541 phone allows remote malicious users to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
D-link Dph-541 1.00.03
D-link Dph-540 1.00.14
D-link Dph-540 1.00.03
D-link Dph-541 1.00.14
10
CVSSv2
CVE-2018-19987
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the...
D-link Dir-818lw Firmware 2.05.b03
D-link Dir-822 Firmware 202krb06
Dlink Dir-822 Firmware 3.10b06
D-link Dir-860l Firmware 2.03.b03
D-link Dir-868l Firmware 2.05b02
D-link Dir-880l Firmware 1.20b01 01 I3se
D-link Dir-890l/r Firmware 1.21b02
2 Github repositories
NA
CVE-2023-32619
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated malicious user ...
Tp-link Archer C55 Firmware
Tp-link Archer C50 V3 Firmware
5.8
CVSSv2
CVE-2019-13268
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To ...
Tp-link Archer C3200 V1 Firmware -
Tp-link Archer C2 V1 Firmware -