Vulmon
make vulnerabilities and exploits
2.1
CVSSv2
CVE-2019-12477
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local malicious user to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Supra Stv-lc40lt0020f Firmware -
1 EDB exploit
2 Articles
6.1
CVSSv2
CVE-2005-0197
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote malicious users to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Cisco Ios 12.1t
Cisco Ios 12.2
Cisco Ios 12.2t
Cisco Ios 12.3
Cisco Ios 12.3t
10
CVSSv2
CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x prior to 5.2.4.1, 5.3.x prior to 5.3.2.1, and 5.4.x prior to 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 up to and including 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3R...
Juniper Session And Resource Control 2.0
Juniper Src Pe 1.0
Juniper Session And Resource Control 1.0
Juniper Src Pe 2.0
1 EDB exploit
NA
CVE-2022-42475
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.11, 6.0.15 and previous versions and FortiProxy SSL-VPN 7.2.0 up to and includ...
Fortinet Fortios
Fortinet Fortiproxy
Fortinet Fortiproxy 7.2.0
9 Github repositories
5 Articles
4.3
CVSSv2
CVE-2021-24818
The WP Limits WordPress plugin up to and including 1.0 does not have a CSRF check when saving its settings, allowing a malicious user to make a logged-in admin change them, which could make the blog unstable by setting low values.
Wp Limits Project Wp Limits
4.3
CVSSv2
CVE-2022-1793
The Private Files WordPress plugin up to and including 0.40 is missing a CSRF check when disabling the protection, which could allow malicious users to make a logged-in admin perform such an action via a CSRF attack and make the blog public.
Private Files Project Private Files 0.40
4.3
CVSSv2
CVE-2019-5786
Object lifetime issue in Blink in Google Chrome before 72.0.3626.121 allowed a remote malicious user to potentially perform out of bounds memory access via a crafted HTML page.
Google Chrome
Google Puppeteer
1 EDB exploit
5 Github repositories
2 Articles
NA
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts ...
Atlassian Confluence Server
Atlassian Confluence Data Center
32 Github repositories
5 Articles
4.3
CVSSv2
CVE-2011-2786
Google Chrome prior to 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote malicious users to make audio recordings via a crafted web page containing an INPUT element.
Google Chrome
NA
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and da...
Sap Netweaver Application Server For Java 7.50