Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sdk vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and ...
Cloudflare Wrangler
7.8
CVSSv3
CVE-2023-5180
An issue exists in Open Design Alliance Drawings SDK prior to 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current...
Opendesign Drawings Sdk
3.3
CVSSv3
CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer compone...
Amazon Aws Software Development Kit
7.5
CVSSv3
CVE-2023-50249
Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an malicious user to cause excessive computatio...
Sentry Astro
7.5
CVSSv3
CVE-2023-6562
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an malicious user to exfiltrate local and remote files reachable by a server if the server allows the malicious user to upload a specially-crafted the image that is displayed back to the attacker.
Kakadusoftware Kakadu Sdk
6.5
CVSSv3
CVE-2023-5310
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and previous versions. This attack can be carried out only by devices on the network sending a stream of packets to the device.
Silabs Z-wave Software Development Kit
9.8
CVSSv3
CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and previous versions. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unautho...
Silabs Z\\/ip Gateway Sdk
7.5
CVSSv3
CVE-2023-41151
An uncaught exception issue discovered in Softing OPC UA C++ SDK prior to 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
Softing Opc
Softing Opc Ua C\\+\\+ Software Development Kit
Softing Secure Integration Server
9.8
CVSSv3
CVE-2023-0757
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote malicious user to upload arbitrary malicious code and gain full access on the affected device.
Phoenixcontact Multiprog
Phoenixcontact Proconos Eclr
7.5
CVSSv3
CVE-2023-5592
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote malicious user to download and execute applications without integrity checks on the device which may result in a complete loss...
Phoenixcontact Multiprog
Phoenixcontact Proconos Eclr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »