Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http server vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2018-4031
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua s...
Getcujo Smart Firewall 7003
10
CVSSv3
CVE-2019-9901
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond ...
Envoyproxy Envoy
1 Github repository
10
CVSSv3
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the pre...
Samsung Sth-eth-250 Firmware 0.20.17
10
CVSSv3
CVE-2018-0101
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote malicious user to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an a...
Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense 6.0.0
Cisco Firepower Threat Defense 6.0.1
Cisco Firepower Threat Defense 6.2.0
Cisco Firepower Threat Defense 6.1.0
Cisco Firepower Threat Defense 6.2.2
Cisco Firepower Threat Defense 6.2.1
1 EDB exploit
6 Github repositories
10
CVSSv3
CVE-2017-10137
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
1 Article
10
CVSSv3
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
142 Github repositories
15 Articles
10
CVSSv3
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
9.9
CVSSv3
CVE-2023-48365
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requ...
Qlik Qlik Sense August 2022
Qlik Qlik Sense November 2022
Qlik Qlik Sense February 2023
Qlik Qlik Sense May 2023
Qlik Qlik Sense November 2021
Qlik Qlik Sense February 2022
Qlik Qlik Sense May 2022
Qlik Qlik Sense August 2023
1 Article
9.9
CVSSv3
CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and previous versions, February 2023 Patch 7 and previous versions, November 2022 Patch 10 and previous versions, and August 2022 Patch 12 and previous versions allows...
Qlik Qlik Sense August 2022
Qlik Qlik Sense November 2022
Qlik Qlik Sense February 2023
Qlik Qlik Sense May 2023
1 Article
9.9
CVSSv3
CVE-2021-27602
SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malici...
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »