Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
application server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated malicious users to perform brute force attacks on the login page to gain access to the application.
Uvdesk Community-skeleton 1.1.1
1 Github repository
9.8
CVSSv3
CVE-2023-4760
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method...
Eclipse Remote Application Platform
9.8
CVSSv3
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could a...
Sap Netweaver Application Server Abap Kernel 7.53
Sap Netweaver Application Server Abap Kernel 7.77
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.22ext
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Netweaver Application Server Abap Kernel 7.22
Sap Netweaver Application Server Abap Kernel 8.04
Sap Netweaver Application Server Abap 7.22ext
Sap Netweaver Application Server Abap Kernel 7.85
Sap Web Dispatcher 7.89
Sap Web Dispatcher 7.54
Sap Netweaver Application Server Abap Kernel 7.89
Sap Netweaver Application Server Abap Kernel 7.54
Sap Netweaver Application Server Abap Kernel 7.92
Sap Netweaver Application Server Abap Kernel 7.93
Sap Content Server 6.50
Sap Content Server 7.54
Sap Hana Database 2.0
Sap Host Agent 722
Sap Extended Application Services And Runtime 1.0
9.8
CVSSv3
CVE-2023-0925
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Me...
Softwareag Webmethods 10.11
9.8
CVSSv3
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an malicious user to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenti...
Cyberpower Powerpanel Server
9.8
CVSSv3
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing an malicious user to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPan...
Cyberpower Powerpanel Server
9.8
CVSSv3
CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it enc...
Aerospike Aerospike Java Client
9.8
CVSSv3
CVE-2023-37679
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows malicious users to execute arbitrary commands on the hosting server.
Nextgen Mirth Connect 4.3.0
1 Metasploit module
9.8
CVSSv3
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows malicious user to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contain...
Apache Jackrabbit
9.8
CVSSv3
CVE-2023-3722
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and previous versions.
Avaya Aura Device Services
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »