Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http server vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-45581
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2 and prior to 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted H...
Fortinet Forticlient Enterprise Management Server
NA
CVE-2024-25617
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p...
NA
CVE-2024-23805
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB varia...
NA
CVE-2024-23788
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to send an arbitrary HTTP request (GET) from the affected product.
9.1
CVSSv3
CVE-2024-1359
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the G...
Github Enterprise Server
NA
CVE-2024-24814
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value make...
7.5
CVSSv3
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated malicious users to execute dangerous actions such as uploading files to the server or deleting them.
Plone Plone 5.2.13
7.5
CVSSv3
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows malicious user to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is receive...
Apache Brpc
8.8
CVSSv3
CVE-2024-24824
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses...
Graylog Graylog
5
CVSSv3
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
Salesagility Suitecrm 7.14.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »