unauthorized vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-47577
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.
Relyum Rely-pcie Firmware 22.2.1
Relyum Rely-rec Firmware 23.1.0
9.8
CVSSv3
CVE-2023-48417
Missing permission checks resulting in unauthorized access and manipulation in the KeyChainActivity application
Google Chromecast Firmware
9.8
CVSSv3
CVE-2023-49091
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulner...
Cosmos-cloud Cosmos Server 0.1.15
Cosmos-cloud Cosmos Server 0.1.16
Cosmos-cloud Cosmos Server 0.1.17
Cosmos-cloud Cosmos Server 0.2.0
Cosmos-cloud Cosmos Server 0.3.0
Cosmos-cloud Cosmos Server 0.3.1
Cosmos-cloud Cosmos Server 0.3.2
Cosmos-cloud Cosmos Server 0.3.3
Cosmos-cloud Cosmos Server 0.3.4
Cosmos-cloud Cosmos Server 0.3.5
Cosmos-cloud Cosmos Server 0.4.0
Cosmos-cloud Cosmos Server 0.4.1
Cosmos-cloud Cosmos Server 0.4.2
Cosmos-cloud Cosmos Server 0.4.3
Cosmos-cloud Cosmos Server 0.5.0
Cosmos-cloud Cosmos Server 0.5.1
Cosmos-cloud Cosmos Server 0.5.2
Cosmos-cloud Cosmos Server 0.5.3
Cosmos-cloud Cosmos Server 0.5.4
Cosmos-cloud Cosmos Server 0.5.5
Cosmos-cloud Cosmos Server 0.5.6
Cosmos-cloud Cosmos Server 0.5.7
9.8
CVSSv3
CVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows malicious users to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.
Horsicq Xmachoviewer 0.04
1 Github repository
9.8
CVSSv3
CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The func...
Userproplugin Userpro
9.8
CVSSv3
CVE-2023-37924
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0....
Apache Submarine
9.8
CVSSv3
CVE-2023-4214
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
Apppresser Apppresser
9.8
CVSSv3
CVE-2023-48648
Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions c...
Concretecms Concrete Cms
9.8
CVSSv3
CVE-2023-48031
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the ma...
Opensupports Opensupports 4.11.0
9.8
CVSSv3
CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized ac...
Ivanti Endpoint Manager Mobile