Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-41101
An issue exists in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and previous versions, and to a heap-based buffer o...
Opennds Opennds
9.8
CVSSv3
CVE-2023-48648
Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions c...
Concretecms Concrete Cms
9.8
CVSSv3
CVE-2022-47445
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a up to and including 1.2.0.
Web-x Be-popia-compliant
9.8
CVSSv3
CVE-2023-47174
Thorn SFTP gateway 3.4.x prior to 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
Thorntech Sftp Gateway Firmware
9.8
CVSSv3
CVE-2023-46158
IBM WebSphere Application Server Liberty 23.0.0.9 up to and including 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.
Ibm Websphere Application Server Liberty
9.8
CVSSv3
CVE-2022-22466
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
Ibm Security Verify Governance
9.8
CVSSv3
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
9.8
CVSSv3
CVE-2023-33836
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
Ibm Security Verify Governance
9.8
CVSSv3
CVE-2023-45132
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged...
Wargio Naxsi
9.8
CVSSv3
CVE-2023-45199
Mbed TLS 3.2.x up to and including 3.4.x prior to 3.5 has a Buffer Overflow that can lead to remote Code execution.
Arm Mbed Tls
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »