Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
servers vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-42142
An issue exists in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote malicious users to cause a denial of service and false-positive packet drops.
Contiki-ng Tinydtls
9.8
CVSSv3
CVE-2024-22211
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and prox...
Freerdp Freerdp
9.8
CVSSv3
CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated malicious user to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence ...
Atlassian Confluence Data Center
Atlassian Confluence Server
1 Metasploit module
27 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-50729
Traccar is an open source GPS tracking system. before 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows malicious users to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run ...
Traccar Traccar
9.8
CVSSv3
CVE-2023-52077
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. before 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as upda...
Nexryai Nexkey
9.8
CVSSv3
CVE-2023-6974
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote malicious user to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controll...
Anyscale Ray 2.8.0
Anyscale Ray 2.6.3
1 Github repository
2 Articles
9.8
CVSSv3
CVE-2023-43177
CrushFTP before 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
Crushftp Crushftp
2 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing malicious users to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: htt...
Ray Project Ray -
4 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-36049
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Microsoft .net Framework 2.0
Microsoft .net Framework 3.0
Microsoft .net Framework 3.5
Microsoft .net Framework 4.6.2
Microsoft .net Framework 4.7
Microsoft .net Framework 4.7.1
Microsoft .net Framework 4.7.2
Microsoft .net Framework 4.8
Microsoft .net Framework 4.8.1
Microsoft .net Framework 3.5.1
Microsoft .net 8.0.0
Microsoft .net
Microsoft Visual Studio 2022
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »