Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security cloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-42442
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud st...
Fit2cloud Jumpserver
5 Github repositories
NA
CVE-2023-35355
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 11 22h2
Microsoft Windows 10 1809
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
NA
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Microsoft Edge
Webmproject Libwebp
20 Github repositories
5 Articles
NA
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the i...
Parseplatform Parse-server
NA
CVE-2023-40593
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
Splunk Splunk Cloud Platform
Splunk Splunk
NA
CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and be...
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Assetexplorer 7.0
Zohocorp Manageengine Cloud Security Plus 4.1
Zohocorp Manageengine Cloud Security Plus
Zohocorp Manageengine Datasecurity Plus 6.1
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Eventlog Analyzer 12.3.0
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Exchange Reporter Plus 5.7
Zohocorp Manageengine Exchange Reporter Plus
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.3
Zohocorp Manageengine Log360 Ueba 4.0
Zohocorp Manageengine M365 Manager Plus 4.5
Zohocorp Manageengine M365 Manager Plus
NA
CVE-2023-26271
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote malicious user to brute force account credentials. IBM X-Force ID: 248126.
Ibm Guardium Cloud Key Manager
NA
CVE-2023-26272
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote malicious user to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against ...
Ibm Guardium Cloud Key Manager
NA
CVE-2023-26270
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote malicious user to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vu...
Ibm Guardium Cloud Key Manager
NA
CVE-2023-20212
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could ex...
Cisco Secure Endpoint Private Cloud
Cisco Secure Endpoint
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »