Vulmon
vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-31456
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.
Truedesk Truedesk 1.2.2
7.5
CVSSv3
CVE-2022-31457
RTX TRAP v1.0 allows malicious users to perform a directory traversal via a crafted request sent to the endpoint /data/.
Rtx Trap Project Rtx Trap 1.0
7.1
CVSSv3
CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
Owllabs Meeting Owl Pro Firmware
6.1
CVSSv3
CVE-2022-31468
OX App Suite up to and including 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
Open-xchange Ox App Suite
6.5
CVSSv3
CVE-2022-3147
Mattermost version 7.0.x and previous versions fail to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.
Mattermost Mattermost Server
6.1
CVSSv3
CVE-2022-31470
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail prior to 10.2.3.12 and 10.3.x prior to 10.3.3.47 allows malicious users to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can acce...
Axigen Axigen Mobile Webmail
1 Github repository
7.7
CVSSv3
CVE-2022-31473
In BIG-IP Versions 16.1.x prior to 16.1.1 and 15.1.x prior to 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit c...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 16.1.0
4.9
CVSSv3
CVE-2022-31475
Authenticated (custom plugin role) arbitrary file read vulnerability via the Export function in the GiveWP plugin <= 2.20.2 for WordPress.
Givewp Givewp
4.3
CVSSv3
CVE-2022-31478
The UserTakeOver plugin prior to 4.0.1 for ILIAS allows a malicious user to list all users via the search function.
Sr.solutions Usertakeover
9.8
CVSSv3
CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502,...
Hidglobal Lp1501 Firmware
Hidglobal Lp1502 Firmware
Hidglobal Lp2500 Firmware
Hidglobal Lp4502 Firmware
Hidglobal Ep4502 Firmware
Carrier Lenels2 Lnl-4420 Firmware
Carrier Lenels2 Lnl-x2210 Firmware
Carrier Lenels2 Lnl-x2220 Firmware
Carrier Lenels2 Lnl-x3300 Firmware
Carrier Lenels2 Lnl-x4420 Firmware
Carrier Lenels2 S2-lp-1501 Firmware
Carrier Lenels2 S2-lp-1502 Firmware
Carrier Lenels2 S2-lp-2500 Firmware
Carrier Lenels2 S2-lp-4502 Firmware