Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
remote code vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Yiiframework Yii
3 Github repositories
10
CVSSv3
CVE-2020-1889
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
Whatsapp Whatsapp Desktop
1 Article
10
CVSSv3
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Gvectors Wpdiscuz
7 Github repositories
10
CVSSv3
CVE-2020-14606
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ora...
Oracle Sd-wan Edge 8.2
Oracle Sd-wan Edge 9.0
2 Articles
10
CVSSv3
CVE-2020-14701
Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD...
Oracle Sd-wan Aware 8.2
2 Articles
10
CVSSv3
CVE-2020-1350
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2016 2004
31 Github repositories
2 Articles
10
CVSSv3
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, before 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to direct...
Wpewebkit Wpe Webkit
Webkitgtk Webkitgtk
Fedoraproject Fedora 31
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1
10
CVSSv3
CVE-2020-11896
The Treck TCP/IP stack prior to 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
Treck Tcp\\/ip
3 Github repositories
1 Article
10
CVSSv3
CVE-2020-11897
The Treck TCP/IP stack prior to 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
Treck Tcp\\/ip
1 Github repository
1 Article
10
CVSSv3
CVE-2020-6966
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop contro...
Gehealthcare Apexpro Telemetry Server Firmware
Gehealthcare Carescape Central Station Mai700 Firmware 1.0
Gehealthcare Carescape Central Station Mas700 Firmware 1.0
Gehealthcare Clinical Information Center Mp100d Firmware 4.0
Gehealthcare Clinical Information Center Mp100d Firmware 5.0
Gehealthcare Clinical Information Center Mp100r Firmware 4.0
Gehealthcare Clinical Information Center Mp100r Firmware 5.0
Gehealthcare Carescape Telemetry Server Mp100r Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »