validated plugin project validated plugin vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-24346
The Stock in & out WordPress plugin up to and including 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issu...
Stock In & Out Project Stock In & Out
6.5
CVSSv2
CVE-2021-24337
The id GET parameter of one of the Video Embed WordPress plugin up to and including 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injec...
Video-embed-box Project Video-embed-box
NA
CVE-2022-35946
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller...
Glpi-project Glpi
NA
CVE-2023-36821
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated malicious user to install a maliciously crafted plugin in versions before 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugin...
Uptime-kuma Project Uptime-kuma
6.5
CVSSv2
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin up to and including 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable ...
Wp-board Project Wp-board
NA
CVE-2023-36822
Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions before 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API...
Uptime-kuma Project Uptime-kuma
4
CVSSv2
CVE-2021-24790
The Contact Form Advanced Database WordPress plugin up to and including 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscr...
Contact Form Advanced Database Project Contact Form Advanced Database
5
CVSSv2
CVE-2017-9022
The gmp plugin in strongSwan prior to 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
Strongswan Strongswan
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
4.3
CVSSv2
CVE-2017-9023
The ASN.1 parser in strongSwan prior to 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote malicious users to cause a denial of service (infinite loop) via a crafted certificate.
Strongswan Strongswan
7.5
CVSSv2
CVE-2016-0718
Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Mozilla Firefox
Apple Mac Os X
Suse Linux Enterprise Server 11
Suse Studio Onsite 1.3
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Debuginfo 11
Opensuse Leap 42.1
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Libexpat Project Libexpat
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mcafee Policy Auditor
Python Python