Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karmainsecurity.com vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear prior to 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some ...
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
Dotclear Dotclear
NA
CVE-2023-22850
Tiki prior to 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Tiki Tiki
NA
CVE-2023-22851
Tiki prior to 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
Tiki Tiki
NA
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
NA
CVE-2023-22853
Tiki prior to 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Tiki Tiki
NA
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 up to and including 4.0.2, from 3.1.0 up to ...
Craftercms Craftercms
356
VMScore
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Vbulletin Vbulletin
668
VMScore
CVE-2021-26600
ImpressCMS prior to 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Impresscms Impresscms
446
VMScore
CVE-2022-23793
An issue exists in Joomla! 3.0.0 up to and including 3.10.6 & 4.0.0 up to and including 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
Joomla Joomla\\!
578
VMScore
CVE-2021-3025
Invision Community IPS Community Suite prior to 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Invisioncommunity Ips Community Suite
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »