Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
script security vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-20205
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the inter...
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager
6.1
CVSSv3
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient va...
Cisco Encs 5100 Firmware
Cisco Encs 5400 Firmware
Cisco Ucs C220 M5 Rack Server Firmware
Cisco Ucs E160s M3 Firmware
Cisco Ucs E180d M3 Firmware
Cisco Ucs-e1120d-m3 Firmware
6.1
CVSSv3
CVE-2023-20242
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow a...
Cisco Unified Communications Manager Im And Presence Service 11.5\\(1\\)
Cisco Unified Communications Manager Im And Presence Service 12.5\\(1\\)
Cisco Unified Communications Manager 12.5\\(1\\)
Cisco Unified Communications Manager Im And Presence Service 14.0
Cisco Unified Communications Manager 11.5\\(1\\)
Cisco Unified Communications Manager 14.0
4.3
CVSSv3
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 12.0
8.8
CVSSv3
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-...
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Debian Debian Linux 8.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
6.1
CVSSv3
CVE-2023-20181
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote malicious user to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based managem...
Cisco Spa500ds Firmware -
Cisco Spa500s Firmware -
Cisco Spa501g Firmware -
Cisco Spa502g Firmware -
Cisco Spa504g Firmware -
Cisco Spa508g Firmware -
Cisco Spa509g Firmware -
Cisco Spa512g Firmware -
Cisco Spa514g Firmware -
Cisco Spa525 Firmware -
Cisco Spa525g Firmware -
Cisco Spa525g2 Firmware -
5.4
CVSSv3
CVE-2023-20204
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-b...
Cisco Broadworks Application Delivery Platform
Cisco Broadworks Xtended Services Platform
Cisco Broadworks Application Server
6.3
CVSSv3
CVE-2023-3739
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS before 115.0.5790.131 allowed a remote malicious user to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Google Chrome
5.3
CVSSv3
CVE-2023-3817
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2j
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.2h
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2f
Openssl Openssl 1.0.2i
Openssl Openssl 1.0.2d
Openssl Openssl 1.0.2k
Openssl Openssl 1.0.2l
Openssl Openssl 1.0.2m
Openssl Openssl 1.0.2zb
Openssl Openssl 1.0.2n
Openssl Openssl 1.0.2o
Openssl Openssl 1.0.2p
Openssl Openssl 1.0.2q
Openssl Openssl 1.0.2r
Openssl Openssl 1.0.2s
Openssl Openssl 1.0.2t
1 Github repository
5.4
CVSSv3
CVE-2023-3384
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an malicious user to pub...
Redhat Quay 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »