Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-member vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45223
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Mattermost Mattermost
NA
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
Mattermost Mattermost
668
VMScore
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote malicious users to upload arbitrary .php files via a member api swfupload action to index.php.
Finecms Finecms 5.2.0
NA
CVE-2022-45164
An issue exists in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking
Archibus Archibus Web Central 2022.03.01.107
NA
CVE-2023-47858
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
Mattermost Mattermost Server
NA
CVE-2024-1887
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.
642
VMScore
CVE-2022-21978
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
605
VMScore
CVE-2018-16448
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
Chshcms Cscms 4.0
356
VMScore
CVE-2019-10153
A flaw exists in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying s...
Clusterlabs Fence-agents
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 8.0
356
VMScore
CVE-2021-37631
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the ins...
Nextcloud Deck
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »