Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
make vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2021-24823
The Support Board WordPress plugin prior to 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow malicious users to make logged in users do unwanted actions. For example, make an admin delete arbitrary files
Schiocco Support Board
NA
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and da...
Sap Netweaver Application Server For Java 7.50
NA
CVE-2024-26753
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads sta...
NA
CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an malicious user to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prio...
Pandorafms Pandora Fms
1 Github repository
4.6
CVSSv2
CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerabi...
Google Android -
2 EDB exploits
31 Github repositories
2 Articles
7.5
CVSSv2
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
Kubernetes Kubernetes 1.5.2
Kubernetes Kubernetes 1.5.1
Kubernetes Kubernetes 1.5.3
Kubernetes Kubernetes 1.5.4
Kubernetes Kubernetes 1.5.0
3.6
CVSSv2
CVE-2012-3738
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS prior to 6 does not properly limit the dialing methods, which allows physically proximate malicious users to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain s...
Apple Iphone Os 1.1.1
Apple Iphone Os 1.1.2
Apple Iphone Os 2.1
Apple Iphone Os 2.1.1
Apple Iphone Os 3.1.3
Apple Iphone Os 3.2.1
Apple Iphone Os 4.2.5
Apple Iphone Os 4.2.8
Apple Iphone Os 5.0.1
Apple Iphone Os 5.1
Apple Iphone Os 1.0.0
Apple Iphone Os 1.0.1
Apple Iphone Os 1.1.5
Apple Iphone Os 2.0
Apple Iphone Os 3.0
Apple Iphone Os 3.0.1
Apple Iphone Os 4.0.1
Apple Iphone Os 4.0.2
Apple Iphone Os 4.3.2
Apple Iphone Os 4.3.3
Apple Iphone Os 1.0.2
Apple Iphone Os 1.1.0
NA
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows malicious users to make unauthenticated API requests.
Boodskap Iot Platform 4.4.9-02
NA
CVE-2023-32980
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows malicious users to make another user stop watching an attacker-specified job.
Jenkins Email Extension
5
CVSSv2
CVE-2018-19879
An issue exists in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimit...
Teltonika Rut950 Firmware R 31.04.89
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »