project log vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-24766
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin prior to 3.0.9 does not have a CSRF check in place when cleaning the logs, which could allow a malicious user to make a logged-in admin delete all of them via a CSRF attack.
404 To 301 Project 404 To 301
6.8
CVSSv2
CVE-2007-5642
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and previous versions allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) mo...
Phppm Php Project Management
1 EDB exploit
4
CVSSv2
CVE-2020-15228
In the `@actions/core` npm module before version 1.2.6, `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the pat...
Toolkit Project Toolkit
2 Github repositories
6.8
CVSSv2
CVE-2007-5641
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax...
Phppm Php Project Management
1 EDB exploit
NA
CVE-2023-7116
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os co...
Datax-web Project Datax-web 2.1.2
3.5
CVSSv2
CVE-2021-25115
The WP Photo Album Plus WordPress plugin prior to 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary JavaScript to be executed in the admin panel.
Wp Photo Album Plus Project Wp Photo Album Plus
NA
CVE-2023-25824
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU ...
Mod Gnutls Project Mod Gnutls
NA
CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value...
Wp User Switch Project Wp User Switch
2 Github repositories
NA
CVE-2023-28487
Sudo prior to 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
6.8
CVSSv2
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows malicious users to log in as any user without knowing their password.
Pysaml2 Project Pysaml2
Debian Debian Linux 8.0
Debian Debian Linux 9.0