Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security news vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4274
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and previous versions and 5.6.19 and previous versions allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
Oracle Solaris 11.3
Oracle Mysql
Mariadb Mariadb
NA
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Wordpress Wordpress
1 EDB exploit
14 Github repositories
NA
CVE-2015-3439
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x prior to 4.1.2 and other products, allows remote malicious users to execute same-origin JavaScript functions via the ...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.3
Wordpress Wordpress 4.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress 4.1.1
Wordpress Wordpress 3.9.1
Wordpress Wordpress 3.9.2
Wordpress Wordpress 4.0.1
Wordpress Wordpress 4.1
NA
CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress prior to 4.1.2, when MySQL is used without strict mode, allow remote malicious users to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database laye...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-1999-0644
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the f...
NA
CVE-2014-6478
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and previous versions, and 5.6.19 and previous versions, allows remote malicious users to affect integrity via vectors related to SERVER:SSL:yaSSL.
Juniper Junos Space
Oracle Mysql
Oracle Solaris 11.3
Mariadb Mariadb
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Workstation Extension 12
5.9
CVSSv3
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby
Ruby-lang Trunk
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Puppet Puppet Agent 1.0.0
Puppet Puppet Enterprise
1 Github repository
7.4
CVSSv3
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
Tenable Tenable.sc
Tenable Nessus Network Monitor
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Oracle Mysql Workbench
2 Github repositories
7.8
CVSSv3
CVE-2019-18634
In Sudo prior to 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages...
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
26 Github repositories
1 Article
NA
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.5.1
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.4.2
Wordpress Wordpress 3.7
Wordpress Wordpress 3.8
Wordpress Wordpress 3.0
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »