Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-26563
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web...
Syncfusion Nodejs File System Provider 0102271
1 Github repository
9.8
CVSSv3
CVE-2023-26564
The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.
Syncfusion Ej2 Aspcore File Provider -
1 Github repository
9.8
CVSSv3
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
Hp Laserjet Pro Mfp M478-m479 W1a75a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a76a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a77a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a78a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a79a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a80a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a81a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a82a Firmware
Hp Laserjet Pro M453-m454 W1y40a Firmware
Hp Laserjet Pro M453-m454 W1y41a Firmware
Hp Laserjet Pro M453-m454 W1y43a Firmware
Hp Laserjet Pro M453-m454 W1y44a Firmware
Hp Laserjet Pro M453-m454 W1y45a Firmware
Hp Laserjet Pro M453-m454 W1y46a Firmware
Hp Laserjet Pro M453-m454 W1y47a Firmware
Hp Laserjet Pro M304-m305 W1a46a Firmware
Hp Laserjet Pro M304-m305 W1a47a Firmware
Hp Laserjet Pro M304-m305 W1a48a Firmware
Hp Laserjet Pro M304-m305 W1a66a Firmware
Hp Laserjet Pro M404-m405 93m22a Firmware
Hp Laserjet Pro M404-m405 W1a51a Firmware
Hp Laserjet Pro M404-m405 W1a52a Firmware
9.8
CVSSv3
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote malicious users to run arbitrary commands via unauthenticated HTTP request.
Magnussolution Magnusbilling
2 Github repositories
9.8
CVSSv3
CVE-2023-25367
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.
Siglent Sds1204x-e Firmware 6.1.37r9.ads
Siglent Sds1104x-e Firmware 6.1.37r9.ads
Siglent Sds1074x-e Firmware 6.1.37r9.ads
1 Github repository
9.8
CVSSv3
CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Sharepoint Server 2019
4 Github repositories
3 Articles
9.8
CVSSv3
CVE-2023-34362
In Progress MOVEit Transfer prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated malicious user to gain a...
Progress Moveit Cloud
Progress Moveit Transfer
18 Github repositories
10 Articles
9.8
CVSSv3
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code ...
Wcms Wcms 0.3.2
9.8
CVSSv3
CVE-2023-31240
Snap One OvrC Pro versions before 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
Snapone Orvc
9.8
CVSSv3
CVE-2023-33294
An issue exists in KaiOS 3.0 prior to 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted...
Kaiostech Kaios 3.0
Kaiostech Kaios 3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »