Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Statics-server Project Statics-server
7.6
CVSSv3
CVE-2020-15135
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Dou...
Save-server Project Save-server
9.8
CVSSv3
CVE-2019-8393
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
Hotels Server Project Hotels Server
7.5
CVSSv3
CVE-2022-40016
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows malicious users to cause a denial of service.
Media-server Project Media-server
7.5
CVSSv3
CVE-2014-10066
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
Fancy-server Project Fancy-server
7.5
CVSSv3
CVE-2017-16216
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Tencent-server Project Tencent-server
9.3
CVSSv3
CVE-2022-31558
The tooxie/shiva-server repository up to and including 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Shiva-server Project Shiva-server
7.5
CVSSv3
CVE-2019-15596
A path traversal in statics-server exists in all version that allows an malicious user to perform a path traversal when a symlink is used within the working directory.
Statics-server Project Statics-server
9.3
CVSSv3
CVE-2022-31530
The csm-aut/csm repository up to and including 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Csm Server Project Csm Server
7.2
CVSSv3
CVE-2020-26938
In oauth2-server (aka node-oauth2-server) up to and including 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This al...
Oauth2-server Project Oauth2-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »