Vulmon
file vulnerabilities and exploits
10
CVSSv2
CVE-2021-25437
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows malicious users to achieve arbitrary code execution by replacing the FOTA update file.
Linux Tizen
10
CVSSv2
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
10
CVSSv2
CVE-2020-21787
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
Crmeb Crmeb 3.1.0+
10
CVSSv2
CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019...
Apache Tapestry
2 Github repositories
10
CVSSv2
CVE-2021-27274
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController clas...
Netgear Prosafe Network Management System 1.6.0.26
10
CVSSv2
CVE-2021-21386
APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote malicious users to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow uninten...
Apkleaks Project Apkleaks
10
CVSSv2
CVE-2021-27198
An issue exists in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows install...
Visualware Myconnection Server
10
CVSSv2
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Se...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
46 Github repositories
2 Articles
10
CVSSv2
CVE-2021-3120
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin prior to 3.3.1 for WordPress allows remote malicious users to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnera...
Yithemes Yith Woocommerce Gift Cards
10
CVSSv2
CVE-2021-1294
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote malicious user to execute arbitrary code as the root user on an affected device. These vulnerabilitie...
Cisco Rv160w Wireless-ac Vpn Router Firmware
Cisco Rv260 Vpn Router Firmware
Cisco Rv260p Vpn Router With Poe Firmware
Cisco Rv260w Wireless-ac Vpn Router Firmware
Cisco Rv160 Vpn Router Firmware