Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-32609
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
Apache Superset
7.1
CVSSv3
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
8.1
CVSSv3
CVE-2021-32612
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
I-doo Veryfitpro 3.2.8
7.1
CVSSv3
CVE-2021-32614
A flaw was found in dmg2img up to and including 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc...
Dmg2img Project Dmg2img
9.8
CVSSv3
CVE-2021-32615
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
5.5
CVSSv3
CVE-2021-32617
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and previous versions. The inefficient algorithm is triggered when Exiv2 ...
Exiv2 Exiv2
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects aft...
Flask-security Project Flask-security
1 Github repository
9.8
CVSSv3
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing I...
Trispark Novusedu 2.2.x-xp Bb-20201123-184084
Trispark Veo Transportation 2.2.x-xp Bb-20201123-184084os
8.8
CVSSv3
CVE-2021-32620
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link ...
Xwiki Xwiki
8.8
CVSSv3
CVE-2021-32621
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The...
Xwiki Xwiki 3.0
Xwiki Xwiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »