Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
report project report vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-19854
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges fro...
Serpico Project Serpico 1.3.0
8.8
CVSSv3
CVE-2019-19909
An issue exists in Public Knowledge Project (PKP) pkp-lib prior to 3.1.2-2, as used in Open Journal Systems (OJS) prior to 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
Sfu Open Journal System
8.8
CVSSv3
CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineer...
Csrf Magic Project Csrf Magic
8.6
CVSSv3
CVE-2023-32409
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a repo...
Apple Macos
Apple Watchos
Apple Tvos
Apple Safari
Apple Iphone Os
Apple Ipados
3 Articles
8.6
CVSSv3
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications...
Express Handlebars Project Express Handlebars
8.6
CVSSv3
CVE-2016-6368
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition due to the Snort process unexpectedly resta...
Cisco Firepower Management Center 6.0.0.0
Cisco Firepower Management Center 6.0.0
Cisco Firepower Management Center 6.0.0.1
Cisco Firepower Management Center 6.0.1
8.3
CVSSv3
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced N...
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Investor Servicing 12.0.4
Oracle Retail Store Inventory Management 14.1
Oracle Ilearning 6.2
Oracle Hospitality Suite8 8.10.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Flexcube Investor Servicing 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Hospitality Reporting And Analytics 9.1.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Retail Predictive Application Server 15.0.3
8.1
CVSSv3
CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows malicious users to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
Phpgurukul Blood Donor Management System Project Phpgurukul Blood Donor Management System 1.0
1 Github repository
7.8
CVSSv3
CVE-2019-11484
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
Whoopsie Project Whoopsie -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
7.8
CVSSv3
CVE-2019-3844
It exists that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources...
Systemd Project Systemd
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Cn1610 Firmware -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »