Vulmon
script security vulnerabilities and exploits
CVE-2023-20257
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote malicious user to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management int...
Cisco Prime Infrastructure
Cisco Prime Infrastructure 3.10.4
Cisco Evolved Programmable Network Manager
CVE-2023-29049
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilitie...
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
CVE-2023-50725
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</scrip...
Resque Resque
CVE-2021-3187
An issue exists in BeyondTrust Privilege Management for Mac prior to 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS prior to 10.15.5, or S...
Beyondtrust Privilege Management For Mac
CVE-2023-49802
The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked ...
Mantisbt Linked Custom Fields
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type de...
Postgresql Postgresql 16.0
Postgresql Postgresql
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
Redhat Enterprise Linux For Arm 64 8.0
Redhat Enterprise Linux For Power Little Endian Eus 9.2 Ppc64le
Redhat Codeready Linux Builder For Arm64 Eus 9.2 Aarch64
Redhat Codeready Linux Builder For Ibm Z Systems Eus 9.2 S390x
Redhat Codeready Linux Builder Eus For Power Little Endian Eus 9.2 Ppc64le
Redhat Codeready Linux Builder Eus 9.2
CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overfl...
Postgresql Postgresql 16.0
Postgresql Postgresql
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
Redhat Enterprise Linux For Arm 64 8.0
Redhat Enterprise Linux For Power Little Endian Eus 9.2 Ppc64le
CVE-2023-5870
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background...
Postgresql Postgresql 16.0
Postgresql Postgresql
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
Redhat Enterprise Linux For Arm 64 8.0
Redhat Enterprise Linux For Power Little Endian Eus 9.2 Ppc64le
Redhat Codeready Linux Builder For Arm64 Eus 9.2 Aarch64
Redhat Codeready Linux Builder For Ibm Z Systems Eus 9.2 S390x
Redhat Codeready Linux Builder Eus For Power Little Endian Eus 9.2 Ppc64le
Redhat Codeready Linux Builder Eus 9.2
CVE-2023-20274
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local malicious user to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent in...
Cisco Appdynamics 21.2.7
Cisco Appdynamics 21.2.8
Cisco Appdynamics 21.4.0
Cisco Appdynamics 21.4.10
Cisco Appdynamics 21.4.11
Cisco Appdynamics 21.4.2
Cisco Appdynamics 21.4.3
Cisco Appdynamics 21.4.4
Cisco Appdynamics 21.4.5
Cisco Appdynamics 21.4.6
Cisco Appdynamics 21.4.7
Cisco Appdynamics 21.4.8
Cisco Appdynamics 21.4.9
Cisco Appdynamics 21.5.0
Cisco Appdynamics 21.6.0
Cisco Appdynamics 22.1.0
Cisco Appdynamics 22.1.1
Cisco Appdynamics 22.11.0
Cisco Appdynamics 22.3.0
Cisco Appdynamics 22.10.0
Cisco Appdynamics 22.12.0
Cisco Appdynamics 22.12.1
CVE-2023-46244
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this ...
Xwiki Xwiki 3.2
Xwiki Xwiki