Vulmon
sec consult vulnerabilities and exploits
6.8
CVSSv2
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject prior to 8.3.2 allows a remote malicious user to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API ...
Openproject Openproject
1 EDB exploit
1 Github repository
3.5
CVSSv2
CVE-2021-36787
The femanager extension prior to 5.5.1 and 6.x prior to 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
In2code Femanager
NA
CVE-2024-25976
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file l...
NA
CVE-2024-25977
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim'...
4.3
CVSSv2
CVE-2019-11841
A message-forgery issue exists in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash"...
Golang Crypto 2019-03-25
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv2
CVE-2021-34805
An issue exists in FAUST iServer prior to 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
Land-software Faust Iserver
7.5
CVSSv2
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
Gnu Glibc
7.2
CVSSv2
CVE-2019-10679
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
Thomsonreuters Eikon 4.0.42144
9
CVSSv2
CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X prior to 1.9.1, 2212S prior to 1.9.1, 2212G prior to 1.8, 3220 V3 prior to 1.5.1, 3420 V3 prior to 1.5.1, and 2311 through 2022-01-31.
Korenix Jetwave 2212s Firmware
Korenix Jetwave 2212g Firmware
Korenix Jetwave 2311 Firmware
Korenix Jetwave 3220 Firmware
Korenix Jetwave 3420 Firmware
Korenix Jetwave 2212x Firmware
3.5
CVSSv2
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
Saltosystem Proaccess Space