Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
desktop vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-37841
Docker Desktop prior to 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue lead...
Docker Desktop
5.4
CVSSv3
CVE-2022-39331
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds...
Nextcloud Desktop
5.4
CVSSv3
CVE-2022-39332
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known ...
Nextcloud Desktop
4.7
CVSSv3
CVE-2022-39334
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd before 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive ...
Nextcloud Desktop
8.8
CVSSv3
CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop prior to 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another b...
Element Desktop
1 Github repository
NA
CVE-2007-1085
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote malicious users to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the...
Google Desktop
1 EDB exploit
6.1
CVSSv3
CVE-2015-6021
Spiceworks Desktop prior to 2015-12-01 has XSS via an SNMP response.
Spiceworks Desktop
NA
CVE-2007-3150
Google Desktop allows user-assisted remote malicious users to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, w...
Google Desktop
7.8
CVSSv3
CVE-2022-35257
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and previous versions) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
Ui Desktop
6.5
CVSSv3
CVE-2022-26877
Asana Desktop prior to 1.6.0 allows remote malicious users to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.
Asana Desktop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »