Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
report project report vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an malicious user to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
Salonerp Project Salonerp 3.0.1
7.5
CVSSv3
CVE-2022-3347
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an malicious user to present a self-signed root key and delegation chai...
Go-resolver Project Go-resolver -
6.5
CVSSv3
CVE-2022-31415
Online Fire Reporting System v1.0 exists to contain a SQL injection vulnerability via the GET parameter in /report/list.php.
Online Fire Reporting System Project Online Fire Reporting System 1.0
NA
CVE-2015-3351
Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module prior to 6.x-1.2 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.
Log Watcher Project Log Watcher
NA
CVE-2015-3352
Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module prior to 6.x-1.8 and 7.x-1.x prior to 7.x-1.4 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or ...
Jammer Project Jammer
8.8
CVSSv3
CVE-2019-19854
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges fro...
Serpico Project Serpico 1.3.0
9.8
CVSSv3
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package prior to 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some ...
Xmldom Project Xmldom 0.9.0
Xmldom Project Xmldom
Debian Debian Linux 10.0
1 Github repository
9.8
CVSSv3
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.
Uglifyjs Project Uglifyjs 3.13.2
7.5
CVSSv3
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Procps-ng Project Procps-ng
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
1 EDB exploit
6.5
CVSSv3
CVE-2022-3346
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an malicious user to present the RRSIG for an attacker-controlled do...
Go-resolver Project Go-resolver -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »