Vulmon
make vulnerabilities and exploits
5.5
CVSSv3
CVE-2019-12477
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local malicious user to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Supra Stv-lc40lt0020f Firmware -
1 EDB exploit
2 Articles
NA
CVE-2005-0197
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote malicious users to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Cisco Ios 12.1t
Cisco Ios 12.2
Cisco Ios 12.2t
Cisco Ios 12.3
Cisco Ios 12.3t
NA
CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x prior to 5.2.4.1, 5.3.x prior to 5.3.2.1, and 5.4.x prior to 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 up to and including 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3R...
Juniper Session And Resource Control 2.0
Juniper Src Pe 1.0
Juniper Session And Resource Control 1.0
Juniper Src Pe 2.0
1 EDB exploit
6.5
CVSSv3
CVE-2019-5786
Object lifetime issue in Blink in Google Chrome before 72.0.3626.121 allowed a remote malicious user to potentially perform out of bounds memory access via a crafted HTML page.
Google Chrome
Google Puppeteer
1 EDB exploit
5 Github repositories
2 Articles
4.3
CVSSv3
CVE-2021-24818
The WP Limits WordPress plugin up to and including 1.0 does not have a CSRF check when saving its settings, allowing a malicious user to make a logged-in admin change them, which could make the blog unstable by setting low values.
Wp Limits Project Wp Limits
4.3
CVSSv3
CVE-2022-1793
The Private Files WordPress plugin up to and including 0.40 is missing a CSRF check when disabling the protection, which could allow malicious users to make a logged-in admin perform such an action via a CSRF attack and make the blog public.
Private Files Project Private Files 0.40
NA
CVE-2011-2786
Google Chrome prior to 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote malicious users to make audio recordings via a crafted web page containing an INPUT element.
Google Chrome
9.8
CVSSv3
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and da...
Sap Netweaver Application Server For Java 7.50
8.1
CVSSv3
CVE-2021-24823
The Support Board WordPress plugin prior to 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow malicious users to make logged-in users do unwanted actions, for example, make an admin delete arbitrary files.
Schiocco Support Board
NA
CVE-2007-5377
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in the Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Gnu Tramp 2.1.10