Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activity vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
8.1
CVSSv3
CVE-2015-9455
The buddypress-activity-plus plugin prior to 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Incsub Buddypress-activity-plus
8.8
CVSSv3
CVE-2023-28694
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
Wbcomdesigns Buddypress Activity Social Share
8.8
CVSSv3
CVE-2022-45074
Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions.
Areteit Activity Reactions For Buddypress
NA
CVE-2006-6615
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote malicious users to execute arbitrary PHP code via a URL in the module_root_path parameter.
Mxbb Activity Games Module 0.92
1 EDB exploit
4.8
CVSSv3
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
4.3
CVSSv3
CVE-2023-4150
The User Activity Tracking and Log WordPress plugin prior to 4.0.9 does not have proper CSRF checks when managing its license, which could allow malicious users to make logged in admins update and deactivate the plugin's license via CSRF attacks
Mooveagency User Activity Tracking And Log
8.8
CVSSv3
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
8.2
CVSSv3
CVE-2016-0235
IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.
Ibm Security Guardium Database Activity Monitor 10.0
5.5
CVSSv3
CVE-2016-0237
IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.
Ibm Security Guardium Database Activity Monitor 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »