Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
slashes vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32652
The adapter @hono/node-server allows you to run your Hono application on Node.js. before 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostn...
9.8
CVSSv3
CVE-2017-7494
Samba since version 3.5.0 and prior to 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Samba Samba
Debian Debian Linux 8.0
2 EDB exploits
2 Nmap scripts
123 Github repositories
3 Articles
6.1
CVSSv3
CVE-2022-28977
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 up to and including 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote ...
Liferay Dxp 7.2
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
5.4
CVSSv3
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
6.1
CVSSv3
CVE-2019-16772
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementati...
Serialize-to-js Project Serialize-to-js
6.1
CVSSv3
CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu...
Flask-security Project Flask-security
NA
CVE-2024-25609
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, whic...
NA
CVE-2014-7819
Multiple directory traversal vulnerabilities in server.rb in Sprockets prior to 2.0.5, 2.1.x prior to 2.1.4, 2.2.x prior to 2.2.3, 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.6, 2.5.x prior to 2.5.1, 2.6.x and 2.7.x prior to 2.7.1, 2.8.x prior to 2.8.3, 2.9.x prior to 2.9.4, 2.10.x ...
Sprockets Project Sprockets 2.6.0
Sprockets Project Sprockets
Sprockets Project Sprockets 3.0.0
8.8
CVSSv3
CVE-2023-38346
An issue exists in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the func...
Windriver Vxworks 6.9
Windriver Vxworks 7.0
8.8
CVSSv3
CVE-2019-9686
pacman prior to 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given i...
Pacman Project Pacman
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »