Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ask vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-1251
The Ask me WordPress theme prior to 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an malicious user to trick a user to change their profile information by sending a crafted request.
Inkthemes Ask Me
6.5
CVSSv3
CVE-2022-1424
The Ask me WordPress theme prior to 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an malicious user to trick logged in users to perform various actions on their behalf on the site.
2code Ask Me
NA
CVE-2007-2210
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote malicious users to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
Netsprint Ask Ie Toolbar 1.1
1 EDB exploit
5.5
CVSSv3
CVE-2023-29753
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local malicious user to cause a denial of service via the SharedPreference files.
Ekatox Facemoji Emoji Keyboard&ask Ai
NA
CVE-2011-0010
check.c in sudo 1.7.x prior to 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Todd Miller Sudo 1.7.2p4
Todd Miller Sudo 1.7.0
Todd Miller Sudo 1.7.4p2
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.7.2p2
Todd Miller Sudo 1.7.2p7
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.4
Todd Miller Sudo 1.7.4p3
Todd Miller Sudo 1.7.3b1
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.7.2p3
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.2p5
Todd Miller Sudo 1.7.4p1
Todd Miller Sudo 1.7.2p6
NA
CVE-2024-29844
Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no ...
9.8
CVSSv3
CVE-2022-2336
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon f...
Softing Edgeaggregator 3.1
Softing Secure Integration Server 1.22
Softing Edgeconnector 3.1
Softing Opc 5.2
Softing Opc Ua C++ Software Development Kit 6
Softing Uagates 1.74
5.4
CVSSv3
CVE-2018-17425
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
Wuzhicms Wuzhi Cms 4.1.0
NA
CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote malicious users to change a password after hijacking a session.
Textpattern Textpattern 4.0.5
NA
CVE-2012-1782
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote malicious users to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
Osqa Osqa 3b
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »