Vulmon
sec consult vulnerabilities and exploits
6.2
CVSSv3
CVE-2019-3422
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can ...
Zte Mf910s Firmware -
4.8
CVSSv3
CVE-2021-21029
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution i...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.0
Magento Magento 2.4.1
7.5
CVSSv3
CVE-2021-34593
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be block...
Codesys Plcwinnt
Codesys Runtime Toolkit
6.1
CVSSv3
CVE-2021-31537
SIS SIS-REWE Go prior to 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
5.9
CVSSv3
CVE-2018-8546
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
Microsoft Office 2019
Microsoft Skype For Business Basic 2016
Microsoft Lync Basic 2013
Microsoft Lync 2013
Microsoft Office 365 Proplus -
Microsoft Skype For Business 2016
4.8
CVSSv3
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Zohocorp Manageengine Servicedesk Plus
4.3
CVSSv3
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
Umbraco Umbraco Cms 8.2.2
9.8
CVSSv3
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
Gnu Glibc
5.4
CVSSv3
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
Saltosystem Proaccess Space
8.8
CVSSv3
CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X prior to 1.9.1, 2212S prior to 1.9.1, 2212G prior to 1.8, 3220 V3 prior to 1.5.1, 3420 V3 prior to 1.5.1, and 2311 through 2022-01-31.
Korenix Jetwave 2212s Firmware
Korenix Jetwave 2212g Firmware
Korenix Jetwave 2311 Firmware
Korenix Jetwave 3220 Firmware
Korenix Jetwave 3420 Firmware
Korenix Jetwave 2212x Firmware