Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin prior to 5.0.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Wppa.opajaap Wp-photo-album-plus 5.0.1
Wppa.opajaap Wp-photo-album-plus
Wppa.opajaap Wp-photo-album-plus 5.0.0
5.4
CVSSv3
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus prior to 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
5.4
CVSSv3
CVE-2023-37308
Zoho ManageEngine ADAudit Plus prior to 7100 allows XSS via the username field.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
6.5
CVSSv3
CVE-2023-38332
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
8.8
CVSSv3
CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
8.8
CVSSv3
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
Zohocorp Manageengine Adselfservice Plus 6.4
Zohocorp Manageengine Adselfservice Plus
8.8
CVSSv3
CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
5.4
CVSSv3
CVE-2023-41904
Zoho ManageEngine ADManager Plus prior to 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
8.8
CVSSv3
CVE-2023-25467
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.
Resize At Upload Plus Project Resize At Upload Plus
7.2
CVSSv3
CVE-2023-29084
Zoho ManageEngine ADManager Plus prior to 7181 allows for authenticated users to exploit command injection via Proxy settings.
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »