Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value...
Wp User Switch Project Wp User Switch
2 Github repositories
NA
CVE-2023-28487
Sudo prior to 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
NA
CVE-2023-25824
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU ...
Mod Gnutls Project Mod Gnutls
2.1
CVSSv2
CVE-2018-20105
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local malicious users to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt version...
Yast2-rmt Project Yast2-rmt
Opensuse Leap 15.0
Suse Suse Linux Enterprise Server 15
NA
CVE-2023-1498
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to lau...
Responsive Hotel Site Project Responsive Hotel Site 1.0
3.6
CVSSv2
CVE-2017-15111
keycloak-httpd-client-install versions prior to 0.8 insecurely creates temporary file allowing local malicious users to overwrite other files via symbolic link.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
NA
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file ...
Php To Page Project Php To Page
6.8
CVSSv2
CVE-2016-7143
The m_authenticate function in modules/m_sasl.c in Charybdis prior to 3.5.3 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Debian Debian Linux 8.0
Charybdis Project Charybdis
NA
CVE-2023-2027
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthe...
Zm Ajax Login & Register Project Zm Ajax Login & Register
4.3
CVSSv2
CVE-2019-7639
An issue exists in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Gsi-openssh Project Gsi-openssh 7.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »