Vulmon
sub vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-24897
The Add Subtitle WordPress plugin up to and including 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Viitorcloud Add Subtitle
7.8
CVSSv3
CVE-2016-3943
Panda Endpoint Administration Agent prior to 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
Watchguard Panda Endpoint Administration Agent
1 EDB exploit
7.5
CVSSv3
CVE-2018-12079
The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" is...
Substratum Substratum -
NA
CVE-2011-3391
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu.
Ibm Rational Build Forge 7.1.2
8.8
CVSSv3
CVE-2014-9502
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x prior to 7.x-2.26 for Drupal allow remote malicious users to hijack the authentication of unknown victims via vectors related to menu callbacks.
Open Atrium Project Open Atrium 7.x-2.0
Open Atrium Project Open Atrium
NA
CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote malicious users to access sub-objects via unspecified vectors, a different vulner...
Plone Cmfeditions 2.0b6
Plone Cmfeditions 2.0b7
Plone Cmfeditions 2.0b8
Plone Plone 4.0.4
Plone Plone 4.0.6.1
Plone Plone 4.2a1
Plone Cmfeditions 2.0a1
Plone Cmfeditions 2.0b1
Plone Cmfeditions 2.0b9
Plone Plone 4.0.1
Plone Plone 4.0.7
Plone Plone 4.0.9
Plone Cmfeditions 2.0b4
Plone Cmfeditions 2.0b5
Plone Plone 4.0.5
Plone Plone 4.0
Plone Plone 4.2a2
Plone Plone 4.2
Plone Cmfeditions 2.0b2
Plone Cmfeditions 2.0b3
Plone Plone 4.0.3
Plone Plone 4.0.2
5.5
CVSSv3
CVE-2023-6039
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local malicious user to crash the system when the LAN78XX USB device detaches.
Linux Linux Kernel 6.5
Linux Linux Kernel
6.5
CVSSv3
CVE-2023-38691
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provision...
Matrix Matrix-appservice-bridge
Matrix Matrix-appservice-bridge 9.0.0
NA
CVE-2004-2545
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote malicious users to cause a denial of service (SMTP proxy failure) via unknown attack vectors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring ...
Securecomputing Sidewinder G2 6.1.0.01
NA
CVE-2005-3294
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote malicious users to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
Typsoft Typsoft Ftp Server
3 EDB exploits