Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spread vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2022-1739
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the m...
Dominionvoting Imagecast X
Dominionvoting Imagecast X 5.5.10.32
Dominionvoting Imagecast X 5.5.10.30
5
CVSSv2
CVE-2020-10269
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and pas...
Aliasrobotics Mir100 Firmware
Aliasrobotics Mir200 Firmware
Aliasrobotics Mir250 Firmware
Aliasrobotics Mir500 Firmware
Aliasrobotics Mir1000 Firmware
Mobile-industrial-robotics Er200 Firmware
Enabled-robotics Er-lite Firmware
Enabled-robotics Er-flex Firmware
Enabled-robotics Er-one Firmware
Uvd-robots Uvd Robots Firmware
4.3
CVSSv2
CVE-2020-26505
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an malicious user to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow...
Marmind Marmind 4.1.141.0
5
CVSSv2
CVE-2022-2309
NULL Pointer Dereference allows malicious users to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 up to and including 2.9.14. libxml2 2.9.9 and previous versions are not affected. It allows triggering crashes thr...
Lxml Lxml
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv2
CVE-2020-10270
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and p...
Aliasrobotics Mir100 Firmware
Aliasrobotics Mir200 Firmware
Aliasrobotics Mir250 Firmware
Aliasrobotics Mir500 Firmware
Aliasrobotics Mir1000 Firmware
Mobile-industrial-robotics Er200 Firmware
Enabled-robotics Er-lite Firmware
Enabled-robotics Er-flex Firmware
Enabled-robotics Er-one Firmware
Uvd-robots Uvd Robots Firmware
6.8
CVSSv2
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug templ...
Pugjs Pug
Pugjs Pug-code-gen
3.5
CVSSv2
CVE-2016-7168
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress prior to 4.6.1 might allow remote malicious users to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a c...
Wordpress Wordpress
11 Github repositories
7.5
CVSSv2
CVE-2003-0284
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote malicious users to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
Adobe Acrobat 5.0
2.6
CVSSv2
CVE-2005-1790
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and previous versions versions, allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched...
Microsoft Internet Explorer 6.0.2900.2180
Microsoft Internet Explorer 6.0.2800.1106
1 EDB exploit
7.6
CVSSv2
CVE-2017-0023
The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote malicious users to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
Microsoft Windows 10 1511
Microsoft Windows 10 1607
Microsoft Windows 8.1
Microsoft Windows Rt 8.1
Microsoft Edge
Microsoft Windows Server 2012 R2
Microsoft Windows 10 -
Microsoft Windows Server 2012
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »