Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
field test vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0137
The default configuration of the Digital Alert Systems DASDEC EAS device prior to 2.0-2 and the Monroe Electronics R189 One-Net EAS device prior to 2.0-2 contains a known SSH private key, which makes it easier for remote malicious users to obtain root access, and spoof alerts, vi...
Digital Alert Systems Dasdec Eas
Monroe Electronics R189 One-net Eas 2.0-0
Monroe Electronics R189 One-net Eas
Digital Alert Systems Dasdec Eas 2.0-0
NA
CVE-2015-3216
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote malicious users to cause a denial of service (app...
Redhat Enterprise Linux 7.0
Openssl Openssl 1.0.1e-25.el7
9.8
CVSSv3
CVE-2023-21554
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1809
Microsoft Windows 10 1607
1 Metasploit module
5 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, US...
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn50 Firmware
Zyxel Atp100 Firmware
Zyxel Atp100w Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp700 Firmware
Zyxel Atp800 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg20w-vpn Firmware
1 Metasploit module
17 Github repositories
7.2
CVSSv3
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change S...
Mybb Mybb
1 Metasploit module
2 Github repositories
NA
CVE-2008-5700
libata in the Linux kernel prior to 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
Linux Linux Kernel 2.6.25.4
Linux Linux Kernel 2.6.25.11
Linux Linux Kernel 2.6.18
Linux Linux Kernel 2.6.25.9
Linux Linux Kernel 2.6.22.15
Linux Linux Kernel 2.6.27.3
Linux Linux Kernel 2.6.27.1
Linux Linux Kernel 2.6.24.7
Linux Linux Kernel 2.6.23.13
Linux Linux Kernel 2.6.24.2
Linux Linux Kernel 2.4.36.6
Linux Linux Kernel 2.6.26.5
Linux Linux Kernel 2.6.22.21
Linux Linux Kernel 2.6.25.12
Linux Linux Kernel 2.6.25.5
Linux Linux Kernel 2.6.23.8
Linux Linux Kernel 2.6.25
Linux Linux Kernel 2.6.22.12
Linux Linux Kernel 2.6.25.8
Linux Linux Kernel 2.6.21.6
Linux Linux Kernel 2.6.26.6
Linux Linux Kernel 2.4.36.2
7.5
CVSSv3
CVE-2022-41723
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Golang Go
Golang Go 1.20.0
Golang Http2
Golang Hpack
2 Github repositories
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
162 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7