Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-39807
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 exists to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.
Nvki Intelligent Broadband Subscriber Gateway 3.5
9.8
CVSSv3
CVE-2023-4407
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to ...
Credit Lite Project Credit Lite 1.5.4
1 Github repository
9.8
CVSSv3
CVE-2023-3522
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: prior to 1.48.
A2technology License Portal System
9.8
CVSSv3
CVE-2023-2080
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
Forcepoint Web Security -
Forcepoint Email Security -
9.8
CVSSv3
CVE-2021-33990
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized use...
Liferay Liferay Portal 6.2.5
9.8
CVSSv3
CVE-2023-1962
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username lea...
Best Online News Portal Project Best Online News Portal 1.0
9.8
CVSSv3
CVE-2023-25909
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
Hgiga Oaklouds Portal
9.8
CVSSv3
CVE-2023-20032
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and previous versions, 0.105.1 and previous versions, and 0.103.7 and previous versions could allow an unauthentic...
Cisco Web Security Appliance
Cisco Secure Endpoint Private Cloud
Cisco Secure Endpoint
Clamav Clamav 1.0.0
Clamav Clamav
Stormshield Stormshield Network Security
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-0784
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The ex...
Best Online News Portal Project Best Online News Portal 1.0
9.8
CVSSv3
CVE-2022-47377
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote malicious user to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a...
Sick Sim2000 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »