Vulmon
vulnerabilities and exploits
6.7
CVSSv3
CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the...
Sharp Project Sharp
7.4
CVSSv3
CVE-2017-7272
PHP up to and including 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in th...
Php Php
4.9
CVSSv3
CVE-2022-2926
The Download Manager WordPress plugin prior to 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Adobe Download Manager
5.5
CVSSv3
CVE-2017-7275
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote malicious users to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862...
Imagemagick Imagemagick 7.0.4-9
9.8
CVSSv3
CVE-2022-29264
An issue exists in coreboot 4.13 up to and including 4.16. On APs, arbitrary code execution in SMM may occur.
Coreboot Coreboot
6.5
CVSSv3
CVE-2022-29269
In Nagios XI up to and including 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2017-7279
An unprivileged user of the Unitrends Enterprise Backup prior to 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
Unitrends Enterprise Backup
8.8
CVSSv3
CVE-2017-7281
An issue exists in Unitrends Enterprise Backup prior to 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled ...
Unitrends Enterprise Backup
9.8
CVSSv3
CVE-2022-2927
Weak Password Requirements in GitHub repository notrinos/notrinoserp before 0.7.
Notrinos Notrinoserp
8.8
CVSSv3
CVE-2017-7284
An attacker that has hijacked a Unitrends Enterprise Backup (prior to 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
Unitrends Enterprise Backup