Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anchor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs ...
Udecode Plate
445
VMScore
CVE-2009-4008
Unbound prior to 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote malicious users to cause a denial of service (DNSSEC outage) via a crafted query.
Nlnetlabs Unbound 1.0.1
Nlnetlabs Unbound 1.0.2
Nlnetlabs Unbound 0.8
Nlnetlabs Unbound 0.7.2
Nlnetlabs Unbound 1.4.1
Nlnetlabs Unbound 1.4.0
Nlnetlabs Unbound 1.3.4
Nlnetlabs Unbound 1.4.2
Nlnetlabs Unbound 1.2.0
Nlnetlabs Unbound 1.0.0
Nlnetlabs Unbound 0.7.1
Nlnetlabs Unbound 1.1.1
Nlnetlabs Unbound 0.6
Nlnetlabs Unbound 0.4
Nlnetlabs Unbound 1.3.0
Nlnetlabs Unbound 1.3.1
Nlnetlabs Unbound 1.3.2
Nlnetlabs Unbound 1.3.3
Nlnetlabs Unbound 0.10
Nlnetlabs Unbound 0.09
Nlnetlabs Unbound 0.2
Nlnetlabs Unbound 0.1
384
VMScore
CVE-2015-0812
Mozilla Firefox prior to 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle malicious users to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack agai...
Mozilla Firefox 36.0.4
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
446
VMScore
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Apache Struts 2.5.10.1
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.26
Apache Struts 2.3.27
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.6
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.23
Apache Struts 2.3.24.2
Apache Struts 2.3.29
3 Github repositories
1 Article
445
VMScore
CVE-2017-9804
In Apache Struts 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing v...
Apache Struts 2.5.12
Apache Struts 2.3.7
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.21
Apache Struts 2.3.22
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5
Apache Struts 2.5.7
Apache Struts 2.5.8
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.19
Apache Struts 2.3.20
Apache Struts 2.3.25
Apache Struts 2.3.26
1 Github repository
1 Article
384
VMScore
CVE-2022-21672
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those expl...
Linuxfromscratch Make-ca
668
VMScore
CVE-2015-0803
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox prior to 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote malicious users to execute arbitrary code or cause a de...
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Firefox
668
VMScore
CVE-2015-0804
The HTMLSourceElement::BindToTree function in Mozilla Firefox prior to 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote malicious users to execute arbitrary code or cause a denial of servi...
Mozilla Firefox
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
668
VMScore
CVE-2015-0805
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox prior to 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote malicious users to execute arbitrary code or ca...
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Mozilla Firefox
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
691
VMScore
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.10.1
Apache Struts 2.5.11
Apache Struts 2.1.2
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.20
1 EDB exploit
20 Github repositories
3 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »