abuse vulnerabilities and exploits
6
CVSSv2
CVE-2019-12794
An issue exists in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of...
Misp Misp 2.4.108
4
CVSSv2
CVE-2021-36039
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive infor...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
7.5
CVSSv2
CVE-2020-15362
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Thingssdk Wifiscanner 1.0.1
NA
CVE-2022-1663
The Stop Spam Comments WordPress plugin up to and including 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.
Stop Spam Comments Project Stop Spam Comments
7.5
CVSSv2
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
1 Github repository
4
CVSSv2
CVE-2019-17549
ESET Cyber Security prior to 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack.
Eset Cyber Security
2 Github repositories
7.5
CVSSv2
CVE-2021-34371
Neo4j up to and including 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
Neo4j Neo4j
1 Github repository
9.3
CVSSv2
CVE-2022-1362
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
NA
CVE-2024-3507
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 up to and including 6.6.0. This vulnerability allows a malicious user to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user inf...
5
CVSSv2
CVE-2000-0960
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote malicious users to determine valid users on the system and harvest email addresses for spam abuse.
Netscape Messaging Server 4.15