Vulmon
database server vulnerabilities and exploits
5.3
CVSSv3
CVE-2022-4023
The 3DPrint WordPress plugin prior to 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing a malicious user to craft a malicious request that will create an archive of any files or directories on the target...
3dprint Project 3dprint
5.4
CVSSv3
CVE-2023-29454
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the p...
Zabbix Frontend
6
CVSSv3
CVE-2023-20210
A vulnerability in Cisco BroadWorks could allow an authenticated, local malicious user to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability...
Cisco Broadworks Application Delivery Platform Firmware 23.0
Cisco Broadworks Application Delivery Platform Firmware 24.0
Cisco Broadworks Application Delivery Platform Firmware 25.0
Cisco Broadworks Application Server Firmware 23.0
Cisco Broadworks Application Server Firmware 24.0
Cisco Broadworks Application Server Firmware 25.0
Cisco Broadworks Database Server Firmware 23.0
Cisco Broadworks Database Server Firmware 24.0
Cisco Broadworks Database Server Firmware 25.0
Cisco Broadworks Database Troubleshooting Server Firmware 23.0
Cisco Broadworks Database Troubleshooting Server Firmware 24.0
Cisco Broadworks Database Troubleshooting Server Firmware 25.0
Cisco Broadworks Execution Server Firmware 23.0
Cisco Broadworks Execution Server Firmware 24.0
Cisco Broadworks Execution Server Firmware 25.0
Cisco Broadworks Media Server Firmware 23.0
Cisco Broadworks Media Server Firmware 24.0
Cisco Broadworks Media Server Firmware 25.0
Cisco Broadworks Messaging Server Firmware 23.0
Cisco Broadworks Messaging Server Firmware 24.0
Cisco Broadworks Messaging Server Firmware 25.0
Cisco Broadworks Network Database Server Firmware 23.0
9.8
CVSSv3
CVE-2023-36812
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been pat...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
9.8
CVSSv3
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote malicious users to run arbitrary commands via unauthenticated HTTP request.
Magnussolution Magnusbilling
1 Metasploit module
2 Github repositories
7.5
CVSSv3
CVE-2023-2828
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the con...
Isc Bind
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Active Iq Unified Manager -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp H300s Firmware -
2.7
CVSSv3
CVE-2023-2400
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and previous versions allows an administrator to view users vaults of deleted users via database access.
Devolutions Devolutions Server
8.8
CVSSv3
CVE-2023-25910
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management ...
Siemens Simatic Pcs 7
Siemens Simatic S7-pm
Siemens Simatic Step 7
7.2
CVSSv3
CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
5.4
CVSSv3
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happe...
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38