Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Tang Project Tang
Fedoraproject Fedora 38
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
NA
CVE-2023-36994
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an malicious user to overwrite the server configuration and inject PHP code.
Travianz Project Travianz 8.3.4
Travianz Project Travianz 8.3.3
NA
CVE-2023-36822
Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions before 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API...
Uptime-kuma Project Uptime-kuma
NA
CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of Mechan...
Mechanicalsoup Project Mechanicalsoup
NA
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows malicious users to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
Pipreqs Project Pipreqs
NA
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Misp-project Malware Information Sharing Platform 2.4.172
NA
CVE-2023-1722
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
Yoga Class Registration System Project Yoga Class Registration System 1.0
NA
CVE-2023-1721
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
Yoga Class Registration System Project Yoga Class Registration System 1.0
NA
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ...
Pybb Project Pybb 0.1.0
NA
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project...
Jenkins Maven Repository Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »