Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
click project click - vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-41322
In Kitty prior to 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Kitty Project Kitty
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.8
CVSSv3
CVE-2020-7474
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious ...
Schneider-electric Pmepxm0100 Prosoft Configurator
7.5
CVSSv3
CVE-2021-32982
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
Automationdirect C0-10dd1e-d Firmware
Automationdirect C0-10dd2e-d Firmware
Automationdirect C0-10dre-d Firmware
Automationdirect C0-10are-d Firmware
Automationdirect C0-11dd1e-d Firmware
Automationdirect C0-11dd2e-d Firmware
Automationdirect C0-11dre-d Firmware
Automationdirect C0-11are-d Firmware
Automationdirect C0-12dd1e-d Firmware
Automationdirect C0-12dd2e-d Firmware
Automationdirect C0-12dre-d Firmware
Automationdirect C0-12are-d Firmware
Automationdirect C0-12dd1e-1-d Firmware
Automationdirect C0-12dd2e-1-d Firmware
Automationdirect C0-12dre-1-d Firmware
Automationdirect C0-12are-1-d Firmware
Automationdirect C0-12dd1e-2-d Firmware
Automationdirect C0-12dd2e-2-d Firmware
Automationdirect C0-12dre-2-d Firmware
Automationdirect C0-12are-2-d Firmware
6.5
CVSSv3
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives a...
Glpi-project Glpi
6.1
CVSSv3
CVE-2023-50630
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote malicious user to execute arbitrary code via a crafted script to the click here function.
Teamwork Management System Project Teamwork Management System 2.28.0
6.1
CVSSv3
CVE-2023-5701
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block&g...
Vnote Project Vnote
6.1
CVSSv3
CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail prior to 3.18.0, and Sylpheed up to and including 3.7.0, does not have sufficient link checks before accepting a click.
Claws-mail Claws-mail
Sylpheed Project Sylpheed
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2021-21313
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target a...
Glpi-project Glpi
6.1
CVSSv3
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and previous versions is affected by: Cross Site Scripting (XSS). The impact is: Allows an malicious user to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The...
Timesheet Next Gen Project Timesheet Next Gen
6.1
CVSSv3
CVE-2018-1000088
Doorkeeper version 2.1.0 up to and including 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will exe...
Doorkeeper Project Doorkeeper
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »