Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse abuse vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Freeipa Freeipa
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
2 Github repositories
6.5
CVSSv3
CVE-2022-1663
The Stop Spam Comments WordPress plugin up to and including 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.
Stop Spam Comments Project Stop Spam Comments
6.5
CVSSv3
CVE-2019-17549
ESET Cyber Security prior to 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack.
Eset Cyber Security
2 Github repositories
6.5
CVSSv3
CVE-2021-36039
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive infor...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
9.8
CVSSv3
CVE-2020-15362
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Thingssdk Wifiscanner 1.0.1
9.8
CVSSv3
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
1 Github repository
9.8
CVSSv3
CVE-2021-34371
Neo4j up to and including 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
Neo4j Neo4j
1 Github repository
5.4
CVSSv3
CVE-2018-6681
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and previous versions allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
Mcafee Network Security Manager
NA
CVE-2000-0960
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote malicious users to determine valid users on the system and harvest email addresses for spam abuse.
Netscape Messaging Server 4.15
NA
CVE-2024-3507
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 up to and including 6.6.0. This vulnerability allows an malicious user to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user inf...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »