Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8861
The handlebars package prior to 4.0.0 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Handlebars.js Project Handlebars.js
1 Github repository
4.3
CVSSv2
CVE-2015-8862
mustache package prior to 2.2.1 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Mustache.js Project Mustache.js
7.5
CVSSv2
CVE-2021-45411
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.
Printable Staff Id Card Creator System Project Printable Staff Id Card Creator System 1.0
7.5
CVSSv2
CVE-2018-4056
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN ser...
Coturn Project Coturn
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2.1
CVSSv2
CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Gummi Project Gummi 0.6.5
5
CVSSv2
CVE-2014-3683
Integer overflow in rsyslog prior to 7.6.7 and 8.x prior to 8.4.2 and sysklogd 1.5 and previous versions allows remote malicious users to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-...
Rsyslog Rsyslog 8.3.5
Rsyslog Rsyslog 8.2.2
Rsyslog Rsyslog 8.2.1
Rsyslog Rsyslog 8.2.3
Rsyslog Rsyslog 8.1.6
Rsyslog Rsyslog 8.1.2
Rsyslog Rsyslog 8.1.1
Rsyslog Rsyslog 8.4.1
Rsyslog Rsyslog 8.3.2
Rsyslog Rsyslog 8.3.4
Rsyslog Rsyslog 8.1.4
Rsyslog Rsyslog 8.3.3
Rsyslog Rsyslog 8.3.0
Rsyslog Rsyslog 8.4.0
Rsyslog Rsyslog 8.1.5
Rsyslog Rsyslog
Rsyslog Rsyslog 8.1.0
Rsyslog Rsyslog 8.3.1
Rsyslog Rsyslog 8.1.3
Rsyslog Rsyslog 8.2.0
Sysklogd Project Sysklogd 1.4.1
Sysklogd Project Sysklogd 1.3
5
CVSSv2
CVE-2014-1484
Mozilla Firefox prior to 27.0 on Android 4.2 and previous versions creates system-log entries containing profile paths, which allows malicious users to obtain sensitive information via a crafted application.
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Mozilla Firefox
Mozilla Firefox 0.1
Mozilla Firefox 0.2
Mozilla Firefox 0.3
Mozilla Firefox 0.4
Mozilla Firefox 0.5
Mozilla Firefox 0.6
Mozilla Firefox 0.6.1
Mozilla Firefox 0.7
Mozilla Firefox 0.7.1
Mozilla Firefox 0.8
Mozilla Firefox 0.9
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.3
Mozilla Firefox 0.10
Mozilla Firefox 0.10.1
Mozilla Firefox 1.0
Mozilla Firefox 1.0.1
2.1
CVSSv2
CVE-2017-15112
keycloak-httpd-client-install versions prior to 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
4
CVSSv2
CVE-2021-21234
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability...
Spring-boot-actuator-logview Project Spring-boot-actuator-logview
4 Github repositories
NA
CVE-2023-40852
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows malicious users to obtain sensitive information via crafted string in the admin user name field on the admin log in page.
User Registration & Login And User Management System With Admin Panel Project User Registration & Login And User Management System With Admin Panel 3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »