Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web project web vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows malicious users to execute arbitrary commands via crafted Hessian serialized data.
Datax-web Project Datax-web
1 Github repository
9.8
CVSSv3
CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web before 0.6.17.
Calibre-web Project Calibre-web
9.9
CVSSv3
CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web before 0.6.17.
Calibre-web Project Calibre-web
9.9
CVSSv3
CVE-2022-0939
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web before 0.6.18.
Calibre-web Project Calibre-web
8.8
CVSSv3
CVE-2021-23404
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an malicious user to trick a user into performing these actions unknowingly thro...
Sqlite-web Project Sqlite-web -
5.4
CVSSv3
CVE-2019-25088
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the att...
Oxidized Web Project Oxidized Web
NA
CVE-2007-5598
Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x prior to 4.7.x-1.0 and 5.x prior to 5.x-1.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Web Links Project Web Links
8.8
CVSSv3
CVE-2021-4164
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
Calibre-web Project Calibre-web
5.4
CVSSv3
CVE-2021-4170
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Calibre-web Project Calibre-web
9.8
CVSSv3
CVE-2021-4171
calibre-web is vulnerable to Business Logic Errors
Calibre-web Project Calibre-web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »