Vulmon
vulnerabilities and exploits
312
VMScore
CVE-2021-32604
Share/IncomingWizard.htm in SolarWinds Serv-U prior to 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Solarwinds Serv-u
668
VMScore
CVE-2021-32605
zzzcms zzzphp prior to 2.0.4 allows remote malicious users to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
605
VMScore
CVE-2021-34478
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office 2019
Microsoft 365 Apps -
642
VMScore
CVE-2021-32606
In the Linux kernel 5.11 up to and including 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
Linux Linux Kernel
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
668
VMScore
CVE-2021-32607
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
Smartstore Smartstore
668
VMScore
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore
312
VMScore
CVE-2021-32609
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.
Apache Superset
320
VMScore
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
383
VMScore
CVE-2021-32612
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
I-doo Veryfitpro 3.2.8
516
VMScore
CVE-2021-32614
A flaw was found in dmg2img up to and including 20170502. fill_mishblk() does not check the length of the read buffer, and copies 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc...
Dmg2img Project Dmg2img