Vulmon
a vulnerabilities and exploits
4.8
CVSSv3
CVE-2022-2239
The Request a Quote WordPress plugin prior to 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Emarketdesign Request A Quote
8.8
CVSSv3
CVE-2022-2240
The Request a Quote WordPress plugin up to and including 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it.
Emarketdesign Request A Quote
9.8
CVSSv3
CVE-2023-20852
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Aenrich A+hrd 6.8.1039v844
9.8
CVSSv3
CVE-2023-20853
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt...
Aenrich A+hrd 6.8.1039v844
7.5
CVSSv3
CVE-2022-26675
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
Aenrich A+hrd 6.8
9.8
CVSSv3
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions. An unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
Aenrich A+hrd 6.8
8.8
CVSSv3
CVE-2024-23348
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and previous versions...
Appleple A-blog Cms
6.1
CVSSv3
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions before 4.1.1 (for Movable Type 7 Series) and versions before 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated malicious user to inject an arbitrary script.
Ark-web A-form
NA
CVE-2009-2292
Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Appleple A-news 2.32
NA
CVE-2007-5786
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_...
A-enterprise Gosamba 1.0.1
1 EDB exploit