Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-20254
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote malicious user to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "...
Cisco Expressway
7.1
CVSSv3
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficien...
Cisco Expressway
7.8
CVSSv3
CVE-2023-48645
An issue exists in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Mainten...
Eptura Archibus 4.0.3
7.2
CVSSv3
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level cap...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
6.1
CVSSv3
CVE-2024-23841
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e...
Apollographql Apollo Client
5.4
CVSSv3
CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions before 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Ex...
Humansignal Label Studio
5.3
CVSSv3
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 before 4.3.7 and 5.0.0 before 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater th...
Silverstripe Graphql
6.5
CVSSv3
CVE-2023-50308
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
Ibm Db2
8.7
CVSSv3
CVE-2024-0056
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Microsoft Sql Server 2022
Microsoft Visual Studio 2022
Microsoft Microsoft.data.sqlclient
Microsoft System.data.sqlclient
Microsoft .net Framework
Microsoft .net Framework 4.6.2
Microsoft .net Framework 4.7
Microsoft .net Framework 4.7.1
Microsoft .net Framework 4.7.2
Microsoft .net Framework 3.5
Microsoft .net Framework 4.8.1
Microsoft .net Framework 2.0
Microsoft .net
Microsoft .net 8.0.0
7.5
CVSSv3
CVE-2023-6114
The Duplicator WordPress plugin prior to 1.5.7.1, Duplicator Pro WordPress plugin prior to 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data...
Awesomemotive Duplicator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »