Vulmon
pivot vulnerabilities and exploits
6.8
CVSSv3
CVE-2023-4212
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing a malicious user to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
Trane Xl824 Firmware
Trane Xl850 Firmware
Trane Xl1050 Firmware
Trane Pivot Firmware
6.1
CVSSv3
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
Cmsmadesimple Cms Made Simple 2.2.4
5.3
CVSSv3
CVE-2018-17178
An issue exists on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed eve...
Neatorobotics Botvac D4 Connected Firmware 2.2.0
Neatorobotics Botvac D6 Connected Firmware 2.2.0
Neatorobotics Botvac D5 Connected Firmware 2.2.0
Neatorobotics Botvac D7 Connected Firmware 2.2.0
Neatorobotics Botvac D3 Connected Firmware 2.2.0
NA
CVE-2015-4876
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Pivot Grid.
Oracle Peoplesoft Products 8.54
Oracle Peoplesoft Products 8.53
8
CVSSv3
CVE-2023-22934
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job...
Splunk Splunk
Splunk Splunk Cloud Platform
6
CVSSv3
CVE-2020-4095
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the enviro...
Hcltech Bigfix Platform
7.2
CVSSv3
CVE-2021-22937
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
7.5
CVSSv3
CVE-2021-22970
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local n...
Concretecms Concrete Cms
Concretecms Concrete Cms 9.0
8.8
CVSSv3
CVE-2023-37262
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular...
Tweaked Cc-tweaked
6.1
CVSSv3
CVE-2017-10253
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comp...
Oracle Peoplesoft Enterprise Peopletools 8.54
Oracle Peoplesoft Enterprise Peopletools 8.55