sec-consult.com vulnerabilities and exploits
641
VMScore
CVE-2013-4672
The management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
Symantec Web Gateway
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.3
Symantec Web Gateway 5.0.3.18
Symantec Web Gateway Appliance 8450 -
Symantec Web Gateway Appliance 8490 -
445
VMScore
CVE-2016-1234
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) prior to 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent malicious users to cause a denial of service (crash) via a long name.
Gnu Glibc
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Fedoraproject Fedora 23
605
VMScore
CVE-2014-5217
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x prior to 4.1 allows remote malicious users to hijack the authentication of administrators for requests that change the administrative passw...
Microfocus Access Manager 4.0
Microfocus Access Manager 4.0.1
NA
CVE-2023-4296
If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the malicious user to inject arbitrary code to be executed in the browser on the target device.
Intland Codebeamer 21.09.0
Intland Codebeamer 22.04.0
Intland Codebeamer 22.10.0
605
VMScore
CVE-2018-7801
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and previous versions, which could enable access with maximum privileges when a remote code execution is performed.
Schneider-electric Evlink Parking Firmware
NA
CVE-2023-31285
An XSS issue exists in Serenity Serene (and StartSharp) prior to 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator us...
Serenity Serene
Serenity Startsharp
NA
CVE-2023-31286
An issue exists in Serenity Serene (and StartSharp) prior to 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.
Serenity Serene
Serenity Startsharp
NA
CVE-2023-31287
An issue exists in Serenity Serene (and StartSharp) prior to 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of t...
Serenity Serene
Serenity Startsharp
383
VMScore
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
Umbraco Umbraco Cms 8.2.2
NA
CVE-2022-44012
An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and m...
Simmeth Lieferantenmanager