Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2022-28173
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Hikvision Ds-3wf0ac-2nt Firmware
Hikvision Ds-3wf01c-2n\\/o Firmware
9.8
CVSSv3
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a...
Cacti Cacti
1 Metasploit module
42 Github repositories
9.8
CVSSv3
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
Roxyfileman Roxy Fileman 1.4.6
9.8
CVSSv3
CVE-2016-20016
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "...
Mvpower Tv-7104he Firmware 1.8.4 115215b9
Mvpower Tv7108he Firmware -
9.8
CVSSv3
CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute ar...
Mikrotik Routeros
9.8
CVSSv3
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-20923
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote malicious user to bypass authentication controls and access the IPSec VPN network. This vulnerability is d...
Cisco Rv110w Firmware 1.0.3.55
Cisco Rv110w Firmware 1.2.2.8
Cisco Rv110w Firmware 1.3.1.7
Cisco Rv130 Firmware 1.0.3.55
Cisco Rv130 Firmware 1.2.2.8
Cisco Rv130 Firmware 1.3.1.7
Cisco Rv130w Firmware 1.0.3.55
Cisco Rv130w Firmware 1.2.2.8
Cisco Rv130w Firmware 1.3.1.7
Cisco Rv215w Firmware 1.0.3.55
Cisco Rv215w Firmware 1.2.2.8
Cisco Rv215w Firmware 1.3.1.7
1 Article
9.8
CVSSv3
CVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Secheron Sepcos Control And Protection Relay Firmware
9.8
CVSSv3
CVE-2022-32535
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
Bosch Pra-es8p2s Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »