Vulmon
vulnerabilities and exploits
9.3
CVSSv3
CVE-2022-31503
The orchest/orchest repository prior to 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Orchest Orchest
9.3
CVSSv3
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository prior to 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb
9.3
CVSSv3
CVE-2022-31506
The cmusatyalab/opendiamond repository up to and including 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Cmu Opendiamond
9.3
CVSSv3
CVE-2022-31507
The ganga-devs/ganga repository prior to 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Ganga Project Ganga
9.3
CVSSv3
CVE-2022-31508
The idayrus/evoting repository prior to 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Idayrus E-voting
9.3
CVSSv3
CVE-2022-31509
The iedadata/usap-dc-website repository up to and including 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Iedadata Usap-dc Web Submission And Dataset Search
4.3
CVSSv3
CVE-2022-3151
The WP Custom Cursors WordPress plugin prior to 3.0.1 does not have a CSRF check in place when deleting cursors, which could allow malicious users to make a logged-in admin delete arbitrary cursors via a CSRF attack.
Wp Custom Cursors Project Wp Custom Cursors
9.8
CVSSv3
CVE-2023-20852
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operations or disrupt service.
Aenrich A+hrd 6.8.1039v844
9.8
CVSSv3
CVE-2023-20853
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operations or disrupt...
Aenrich A+hrd 6.8.1039v844
8.4
CVSSv3
CVE-2023-20854
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
Vmware Workstation 17.0