Vulmon
client side vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-43355
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or...
Fresenius-kabi Vigilant Centerium 1.0
Fresenius-kabi Vigilant Mastermed 1.0
Fresenius-kabi Vigilant Insight 1.0
Fresenius-kabi Agilia Partner Maintenance Software
Fresenius-kabi Agilia Connect Firmware
Fresenius-kabi Link+ Agilia Firmware 3.0
Fresenius-kabi Link+ Agilia Firmware
9.8
CVSSv3
CVE-2021-22049
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Serv...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
9.8
CVSSv3
CVE-2021-40499
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow a malicious user to inject code that can be executed by the application. An attacker could thereby control the behavior of ...
Sap Netweaver Application Server Abap 7.70
Sap Netweaver Application Server Abap 7.70 Pi
Sap Netweaver Application Server Abap 7.70byd
9.8
CVSSv3
CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without ...
Archibus Web Central 21.3.3.815
9.8
CVSSv3
CVE-2020-7388
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can ...
Sage Adxadmin
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-31535
LookupCol.c in X.Org X through X11R7.7 and libX11 prior to 1.7.1 might allow remote malicious users to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer ...
X.org X Window System
X.org Libx11
Fedoraproject Fedora 33
6 Github repositories
9.8
CVSSv3
CVE-2021-27384
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update...
Siemens Simatic Wincc Runtime Advanced
Siemens Simatic Wincc Runtime Advanced 16
Siemens Sinamics Sh150 Firmware
Siemens Sinamics Sm150i Firmware
Siemens Sinamics Gh150 Firmware
Siemens Sinamics Gl150 Firmware
Siemens Sinamics Gm150 Firmware
Siemens Sinamics Sl150 Firmware
Siemens Sinamics Sm120 Firmware
Siemens Sinamics Sm150 Firmware
Siemens Simatic Hmi Comfort Outdoor Panels 7" Firmware
Siemens Simatic Hmi Comfort Outdoor Panels 7" Firmware 16
Siemens Simatic Hmi Comfort Outdoor Panels 15" Firmware
Siemens Simatic Hmi Comfort Outdoor Panels 15" Firmware 16
Siemens Simatic Hmi Comfort Panels 4" Firmware
Siemens Simatic Hmi Comfort Panels 4" Firmware 16
Siemens Simatic Hmi Comfort Panels 22" Firmware
Siemens Simatic Hmi Comfort Panels 22" Firmware 16
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware 16
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware 16
9.8
CVSSv3
CVE-2020-24264
Portainer 1.24.1 and previous versions are affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mo...
Portainer Portainer
9.8
CVSSv3
CVE-2021-3197
An issue exists in SaltStack Salt prior to 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2021-25281
An issue exists in SaltStack Salt prior to 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository