Vulmon
knowledge base vulnerabilities and exploits
6
CVSSv2
CVE-2021-24914
The Tawk.To Live Chat WordPress plugin prior to 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the...
Tawk Tawk.to Live Chat
3.5
CVSSv2
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This ...
Glpi-project Glpi
9.3
CVSSv2
CVE-2006-3448
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote malicious users to execute arbitrary code via a long Syllabus string in crafted bookmark link files (.cbo, .cbl, or .cbm), a different ...
Microsoft Step-by-step Interactive Training
10
CVSSv2
CVE-2003-0030
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) prior to 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.
Protegrity Secure.data 2.2.3.8
Protegrity Secure.data 2.2.3.7
5
CVSSv2
CVE-2005-0803
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote malicious users to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhance...
Microsoft Windows 2000
2 EDB exploits
NA
CVE-2024-31456
GLPI is a Free Asset and IT Management Software package. Before 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
2 Github repositories
NA
CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. Before 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15.
2 Github repositories
7.5
CVSSv2
CVE-2004-0206
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow malicious users to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an...
Microsoft Windows Xp
Microsoft Windows 98
Microsoft Windows Nt 4.0
Microsoft Windows 2000
Microsoft Windows 2003 Server R2
2 EDB exploits
NA
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit eff...
Bytecodealliance Wasmtime 6.0.0
Bytecodealliance Wasmtime 5.0.0
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen 0.93.0
Bytecodealliance Cranelift-codegen 0.92.0
Bytecodealliance Cranelift-codegen
10
CVSSv2
CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users visit online gaming sites that are associated with MSN, allows remote malicious users to execute arbitrary code via the SetupData parameter.
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6