Vulmon
client side vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially...
Wolfssl Wolfssl
5.3
CVSSv3
CVE-2023-35901
IBM Robotic Process Automation 21.0.0 up to and including 21.0.7.6 and 23.0.0 up to and including 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
Ibm Robotic Process Automation
Ibm Robotic Process Automation As A Service
Ibm Robotic Process Automation For Cloud Pak
7.2
CVSSv3
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions before 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
Wavlink Wl-wn531ax2 Firmware
6.1
CVSSv3
CVE-2023-36474
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing ...
Projectdiscovery Interactsh
7.5
CVSSv3
CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array in...
X.org Libx11
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
1 Github repository
6.5
CVSSv3
CVE-2023-34761
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.
7-eleven Hello Cup 1.3.1
1 Github repository
6.5
CVSSv3
CVE-2023-35173
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryptio...
Nextcloud End-to-end Encryption
5.4
CVSSv3
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ...
Pybb Project Pybb 0.1.0
5.4
CVSSv3
CVE-2023-2442
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 15.11.7, all versions starting from 16.0 prior to 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows malicious users to perform arbit...
Gitlab Gitlab
5.4
CVSSv3
CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addres...
Matrix Synapse