Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit.com vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior t...
Apache Solr
1 Github repository
7.2
CVSSv3
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated malicious user to execute arbitrary Python code.
Plex Media Server
4.9
CVSSv3
CVE-2021-2021
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser...
Oracle Mysql
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
NA
CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote malicious users to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Adobe Coldfusion 9.0.2
Adobe Coldfusion 10.0
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.1
1 EDB exploit
NA
CVE-2013-0629
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows malicious users to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Adobe Coldfusion 9.0.1
Adobe Coldfusion 9.0.2
Adobe Coldfusion 9.0
Adobe Coldfusion 10.0
1 EDB exploit
9.8
CVSSv3
CVE-2021-21307
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin prior to 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96...
Lucee Lucee Server
7.5
CVSSv3
CVE-2018-10956
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
Ipconfigure Orchid Core Vms 2.0.5
1 EDB exploit
8.8
CVSSv3
CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote malicious user to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
Articatech Web Proxy 4.30.000000
NA
CVE-2021-458439
This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected.
7.8
CVSSv3
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows 10 -
Microsoft Windows 10 1709
Microsoft Windows 10 1803
Microsoft Windows 10 1809
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows Server 2012 -
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2019 -
5 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »