Vulmon
vulnerabilities and exploits
668
VMScore
CVE-2021-27697
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.
Riot-os Riot 2021.01
668
VMScore
CVE-2021-27705
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote malicious users to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function directly passes the parameter "...
Tenda G1 Firmware V15.11.0.17(9502) Cn
Tenda G3 Firmware V15.11.0.17(9502) Cn
668
VMScore
CVE-2021-27707
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote malicious users to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the par...
Tenda G1 Firmware V15.11.0.17(9502) Cn
Tenda G3 Firmware V15.11.0.17(9502) Cn
890
VMScore
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote malicious users to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function exe...
Totolink X5000r Firmware 9.1.0u.6118 B20201102
Totolink A720r Firmware 4.1.5cu.470 B20200911
NA
CVE-2021-27715
An issue in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows malicious users to bypass authentication and execute arbitrary code via a crafted HTTP request.
Mofinetwork Mofi4500-4gxelte-v2 Firmware 3.5.6-xnet-5052
668
VMScore
CVE-2021-27730
Accellion FTA 9_12_432 and previous versions are affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
Accellion Fta
383
VMScore
CVE-2021-27731
Accellion FTA 9_12_432 and previous versions are affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
Accellion Fta
312
VMScore
CVE-2021-27733
In JetBrains YouTrack prior to 2020.6.6441, stored XSS was possible via an issue attachment.
668
VMScore
CVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 up to and including 08.5.xx and HiSecOS 03.3.00 up to and including 03.5.01 allow remote malicious users to change the credentials of existing users.
Belden Hirschmann Hios
Belden Hisecos
Belden Hirschmann Hios 07.1.02
Belden Hirschmann Hios 07.1.01
357
VMScore
CVE-2021-27736
FusionAuth fusionauth-samlv2 prior to 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
2 GitHub repositories