Vulmon
metasploit vulnerabilities and exploits
NA
CVE-2022-1043
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Linux Linux Kernel
NA
CVE-2020-14321
In Moodle prior to 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
Moodle Moodle
Moodle Moodle 3.9.0
4 Github repositories
NA
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
1 Github repository
NA
CVE-2022-36446
software/apt-lib.pl in Webmin prior to 1.997 lacks HTML escaping for a UI command.
Webmin Webmin
4 Github repositories
NA
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
NA
CVE-2022-30526
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 up to and including 5.30, USG FLEX 200 firmware versions 4.50 up to and including 5.30, USG FLEX 500 firmware versions 4.50 up to and including 5.30, USG FLEX 70...
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg20w-vpn Firmware
Zyxel Atp800 Firmware
Zyxel Atp700 Firmware
Zyxel Atp500 Firmware
Zyxel Atp200 Firmware
Zyxel Atp100w Firmware
Zyxel Atp100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn50 Firmware
Zyxel Usg20-vpn Firmware
Zyxel Usg 2200-vpn Firmware
Zyxel Zywall 110 Firmware
Zyxel Zywall 310 Firmware
Zyxel Zywall 1100 Firmware
Zyxel Usg40 Firmware
NA
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can...
Apache Spark
1 Metasploit module
18 Github repositories
9
CVSSv2
CVE-2022-20828
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote malicious user to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the roo...
Cisco Asa Firepower
1 Metasploit module
1 Github repository
1 Article
7.5
CVSSv2
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 prior to 7.4.17, fro...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
99 Github repositories
3 Articles
9.3
CVSSv2
CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then i...
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 2022 -
Microsoft Windows 11 -
Microsoft Windows 10 21h2
122 Github repositories
8 Articles