Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
egix vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
6.5
CVSSv3
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
6.5
CVSSv3
CVE-2020-8804
SuiteCRM up to and including 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 up to and including 4.0.2, from 3.1.0 up to ...
Craftercms Craftercms
6.1
CVSSv3
CVE-2018-2699
Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is before 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful ...
Oracle Application Express
6.1
CVSSv3
CVE-2015-7711
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the h parameter.
Atutor Atutor
5.4
CVSSv3
CVE-2020-17372
SugarCRM prior to 10.1.0 (Q3 2020) allows XSS.
Sugarcrm Sugarcrm
5.3
CVSSv3
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) prior to 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an iss...
Sfu Pkp Web Application Library
5.3
CVSSv3
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
5.3
CVSSv3
CVE-2020-17373
SugarCRM prior to 10.1.0 (Q3 2020) allows SQL Injection.
Sugarcrm Sugarcrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »