Vulmon
web server vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated malicious users to upload malicious files in the web root of the application to gain access to the server via the web shell.
Serinf Fast Checkin 1.0
9.8
CVSSv3
CVE-2022-24963
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows a malicious user to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
Apache Portable Runtime 1.7.0
9.8
CVSSv3
CVE-2022-28331
On Windows, Apache Portable Runtime 1.7.0 and previous versions may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Apache Portable Runtime
9.8
CVSSv3
CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.
Onlyoffice Server
9.8
CVSSv3
CVE-2022-0316
The WeStand WordPress theme prior to 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPr...
Chimpgroup Westand
Chimpgroup Bolster -
Soundblast Project Soundblast -
Spikes-black Project Spikes-black -
Chimpgroup Spikes -
Pixfill Kings Club -
Club-theme Project Club-theme -
Statfort Project Statfort -
Aidreform Project Aidreform -
Footysquare Project Footysquare -
1 Github repository
9.8
CVSSv3
CVE-2022-43389
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated malicious user to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Zyxel Lte3202-m437 Firmware
Zyxel Lte3316-m604 Firmware
Zyxel Lte7480-m804 Firmware
Zyxel Lte7490-m904 Firmware
Zyxel Nebula Fwa510 Firmware
Zyxel Nebula Fwa710 Firmware
Zyxel Nebula Nr7101 Firmware
Zyxel Nr5103 Firmware
Zyxel Nr5103e Firmware -
Zyxel Nr7101 Firmware
Zyxel Nr7102 Firmware
Zyxel Nr7103 Firmware
Zyxel Ep240p Firmware -
Zyxel Pm7320-b0 Firmware -
Zyxel Pmg5317-t20b Firmware -
Zyxel Pmg5617ga Firmware -
Zyxel Pmg5622ga Firmware -
9.8
CVSSv3
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.
Elvexys Streamx
9.8
CVSSv3
CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated malicious users to execute arbitrary SQL commands, ultimately leading to remote code execution.
Trueconf Server
9.8
CVSSv3
CVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird