Vulmon
report project report vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-19857
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the ...
Serpico Project Serpico 1.3.0
6.5
CVSSv3
CVE-2023-29417
An issue exists in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can on...
Bzip3 Project Bzip3 1.2.2
NA
CVE-2015-3389
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and previous versions for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Public Download Count Project Public Download Count
7.2
CVSSv3
CVE-2022-39179
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that is mentioned in my other report) can upload a .php file that contains malicious code via the student.php file.
College Management System Project College Management System 1.0
6.1
CVSSv3
CVE-2020-25102
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 up to and including 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditFo...
Advanced Reports Project Advanced Reports
5.4
CVSSv3
CVE-2022-34611
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.
Online Fire Reporting System Project Online Fire Reporting System 1.0
7.8
CVSSv3
CVE-2019-11484
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
Whoopsie Project Whoopsie -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
NA
CVE-2015-1318
The crash reporting feature in Apport 2.13 up to and including 2.17.x prior to 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Apport Project Apport 2.13.3
Apport Project Apport 2.14
Apport Project Apport 2.14.1
Apport Project Apport 2.15
Apport Project Apport 2.15.1
Apport Project Apport 2.14.2
Apport Project Apport 2.14.3
Apport Project Apport 2.16
Apport Project Apport 2.16.1
Apport Project Apport 2.13.1
Apport Project Apport 2.13.2
Apport Project Apport 2.14.6
Apport Project Apport 2.14.7
Apport Project Apport 2.13
Apport Project Apport 2.14.4
Apport Project Apport 2.14.5
Apport Project Apport 2.16.2
Apport Project Apport 2.17
3 EDB exploits
1 Github repository
8.1
CVSSv3
CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows malicious users to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
Phpgurukul Blood Donor Management System Project Phpgurukul Blood Donor Management System 1.0
1 Github repository
8.6
CVSSv3
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications...
Express Handlebars Project Express Handlebars