Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook facebook vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests...
Facebook Hhvm 3.24.3
Facebook Hhvm
8.1
CVSSv3
CVE-2018-6340
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
Facebook Hhvm
Facebook Hhvm 3.30
7.5
CVSSv3
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability
Omniauth-facebook Project Omniauth-facebook
NA
CVE-2014-9524
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin prior to 2.8.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings via unspeci...
Facebook Like Box Project Facebook Like Box
5.4
CVSSv3
CVE-2018-6858
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
Facebook Clone Script Project Facebook Clone Script 1.0.5
8.8
CVSSv3
CVE-2017-17615
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
Facebook Clone Script Project Facebook Clone Script 1.0
1 EDB exploit
5.4
CVSSv3
CVE-2018-5214
The "Add Link to Facebook" plugin up to and including 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
Add Link To Facebook Project Add Link To Facebook
NA
CVE-2014-7376
The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Facebook Profits On Steroids Project Facebook Profits On Steroids 0.1
4.8
CVSSv3
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin prior to 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disa...
Facebook-wall-and-social-integration Project Facebook-wall-and-social-integration
NA
CVE-2015-3390
Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
Facebook Album Fetcher Project Facebook Album Fetcher 7.x-1.x-dev
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »