Vulmon
migration toolkit vulnerabilities and exploits
7.3
CVSSv3
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin prior to 1.9.0 are vulnerable to Improper Input Validation by allowing a malicious user to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue do...
Gin-gonic Gin
5.3
CVSSv3
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.7.
Url-parse Project Url-parse
9.1
CVSSv3
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.8.
Url-parse Project Url-parse
9.8
CVSSv3
CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.9.
Url-parse Project Url-parse
NA
CVE-2023-5129
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
2 Github repositories
9.8
CVSSv3
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controlla...
Apache Commons Bcel
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
8.1
CVSSv3
CVE-2022-31690
Spring Security, versions 5.7 before 5.7.5, and 5.6 before 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorizati...
Vmware Spring Security
Netapp Active Iq Unified Manager -
1 Github repository
9.8
CVSSv3
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions before 1.4.1 and 2.0.3.
Webpack.js Loader-utils
Debian Debian Linux 10.0
1 Github repository
4.3
CVSSv3
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filenam...
Gin-gonic Gin