Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wire vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-41100
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as ...
Wire Wire-server
4.3
CVSSv2
CVE-2021-32683
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and pas...
Wire Wire-webapp
5.1
CVSSv2
CVE-2022-23610
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without S...
Wire Wire-server
3.5
CVSSv2
CVE-2021-41101
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XS...
Wire Wire Server
5
CVSSv2
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a...
Wire Wire-server
7.5
CVSSv2
CVE-2021-41193
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions before 7.1.12 allows an malicious user to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs ...
Wire Wire-audio Video Signaling
6.4
CVSSv2
CVE-2021-29508
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializ...
Asynkron Wire
5.5
CVSSv2
CVE-2021-21382
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://gi...
Wire Restund
7.5
CVSSv2
CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote malicious users to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
Wire Plastic Design Wpquiz 2.7
1 EDB exploit
10
CVSSv2
CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
Wire Plastic Design Wpquiz 2.7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »