Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
works vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-24360
The Yes/No Chart WordPress plugin prior to 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks
Kohsei-works Yes\\/no Chart
5.4
CVSSv3
CVE-2022-37462
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse up to and including 4.2.12 and 5.0 allows remote malicious users to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
Upstreamworks Upstream Works On Finesse
7.5
CVSSv3
CVE-2017-9212
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
Bavarian Motor Works Bluetooth Stack -
NA
CVE-2006-6850
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote malicious users to execute arbitrary PHP code via a URL in the mod_root parameter.