Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-25856
An issue exists in pcmt superMicro-CMS version 3.11, allows malicious users to delete files via crafted image file in images.php.
Supermicro-cms Project Supermicro-cms 3.11
NA
CVE-2021-25857
An issue exists in pcmt superMicro-CMS version 3.11, allows authenticated malicious users to execute arbitrary code via the font_type parameter to setup.php.
Supermicro-cms Project Supermicro-cms 3.11
8.3
CVSSv2
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Open5gs Open5gs 2.1.3
5
CVSSv2
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Dgtl Huemagic 3.0.0
5
CVSSv2
CVE-2021-25874
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated malicious user to retrieve databases information such as application passwords hashes.
Youphptube Youphptube
4.3
CVSSv2
CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote malicious user to steal administrators' session cookies or perform actions as an administrator.
Youphptube Youphptube
7.5
CVSSv2
CVE-2019-18801
An issue exists in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass...
Envoyproxy Envoy
4.3
CVSSv2
CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote malicious user to steal administrators' session cookies or perform actions as an administrator.
Youphptube Youphptube
5
CVSSv2
CVE-2021-25898
An issue exists in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
5
CVSSv2
CVE-2021-25901
An issue exists in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
Lazy-init Project Lazy-init
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »