Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nu11secur1ty vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-28419
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
5.4
CVSSv3
CVE-2021-3151
i-doit prior to 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated malicious users to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MO...
I-doit I-doit
9.8
CVSSv3
CVE-2021-26201
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.
Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0
6.1
CVSSv3
CVE-2021-26929
An XSS issue exists in Horde Groupware Webmail Edition up to and including 5.2.22 (where the Horde_Text_Filter library prior to 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2h...
5.4
CVSSv3
CVE-2021-3294
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0
6.1
CVSSv3
CVE-2021-3318
attach/ajax.php in DzzOffice up to and including 2.02.1 allows XSS via the editorid parameter.
Dzzoffice Dzzoffice
7.8
CVSSv3
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5
Sudo Project Sudo
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager Core Package -
Mcafee Web Gateway 8.2.17
Mcafee Web Gateway 9.2.8
Mcafee Web Gateway 10.0.4
Synology Diskstation Manager 6.2
Synology Diskstation Manager Unified Controller 3.0
Synology Skynas Firmware -
Synology Vs960hd Firmware -
Beyondtrust Privilege Management For Mac
Beyondtrust Privilege Management For Unix\\/linux
Oracle Micros Compact Workstation 3 Firmware 310
Oracle Micros Es400 Firmware
Oracle Micros Kitchen Display System Firmware 210
Oracle Micros Workstation 5a Firmware 5a
142 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-3278
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
Local Services Search Engine Management System Project Local Services Search Engine Management System 1.0
4.8
CVSSv3
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Concretecms Concrete Cms
9.8
CVSSv3
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal before 7.2.1 CE GA2 allows remote malicious users to execute arbitrary code via JSON web services (JSONWS).
Liferay Liferay Portal
13 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »