web console vulnerabilities and exploits
NA
CVE-2020-23452
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.
Selenium Selenium Grid 3.141.59
NA
CVE-2023-32552
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553.
Trendmicro Apex One
Trendmicro Apex One 2019
NA
CVE-2023-32553
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
Trendmicro Apex One
Trendmicro Apex One 2019
NA
CVE-2023-33919
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allo...
Siemens Cpci85 Firmware
NA
CVE-2023-34088
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an adm...
Collaboraoffice Collabora Online
NA
CVE-2023-28345
An issue exists in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser,...
Faronics Insight 10.0.19045
NA
CVE-2023-28346
An issue exists in Faronics Insight 10.0.19045 on Windows. It is possible for a remote malicious user to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers c...
Faronics Insight 10.0.19045
NA
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenti...
Igniterealtime Openfire
1 Metasploit module
15 Github repositories
3 Articles
NA
CVE-2022-46389
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote malicious user to execute arbitrary JavaScript...
Servicenow Servicenow San Diego
Servicenow Servicenow Rome
Servicenow Servicenow Quebec
Servicenow Servicenow Utah
Servicenow Servicenow Tokyo
NA
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13...
Apache Iotdb Web Workbench 0.13.3