Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unauthorized vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27894
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is ...
5.3
CVSSv3
CVE-2017-6624
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote malicious user to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affect...
Cisco Ios 15.5\\(3\\)m
9.8
CVSSv3
CVE-2022-20857
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote malicious user to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the D...
Cisco Nexus Dashboard
9.8
CVSSv3
CVE-2022-20858
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote malicious user to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the D...
Cisco Nexus Dashboard
8.8
CVSSv3
CVE-2022-20861
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote malicious user to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the D...
Cisco Nexus Dashboard
7.5
CVSSv3
CVE-2017-15235
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote malicious users to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Horde Groupware 5.2.21
1 EDB exploit
9.8
CVSSv3
CVE-2017-18001
Trustwave Secure Web Gateway (SWG) up to and including 11.8.0.27 allows remote malicious users to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Trustwave Secure Web Gateway
1 EDB exploit
NA
CVE-2003-1169
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
Datev Nutzungskontrolle 2.1
Datev Nutzungskontrolle 2.2
1 EDB exploit
NA
CVE-2006-2280
Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and previous versions allows remote malicious users to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
Openengine Openengine 1.7.1
Openengine Openengine 1.8 Beta2
1 EDB exploit
NA
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote malicious users to log in as an administrator by setting the pymembs parameter to "admin".
Py-membres Py-membres 3.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »