Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-38490
Kirby is a content management system. A vulnerability in versions before 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The...
Getkirby Kirby
10
CVSSv3
CVE-2023-37903
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows malicious users to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code ex...
Vm2 Project Vm2
1 Github repository
10
CVSSv3
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow before 2.5.0.
Lfprojects Mlflow
10
CVSSv3
CVE-2023-37466
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@speci...
Vm2 Project Vm2
10
CVSSv3
CVE-2023-29130
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete dev...
Siemens Simatic Cn 4100
10
CVSSv3
CVE-2023-29131
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an malicious user to bypass network isolation.
Siemens Simatic Cn 4100
10
CVSSv3
CVE-2023-3432
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml before 1.2023.9.
Plantuml Plantuml
Fedoraproject Fedora 39
10
CVSSv3
CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
Mozilla Firefox
10
CVSSv3
CVE-2023-2909
EZ Sync service fails to adequately handle user input, allowing an malicious user to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
Asustor Adm
10
CVSSv3
CVE-2023-31241
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
Snapone Orvc
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »