Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-5618
A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
A-pdf Wav To Mp3 1.0.0
9.8
CVSSv3
CVE-2015-2885
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
Lens Laboratories Peek-a-view Firmware -
7.5
CVSSv3
CVE-2022-26675
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
Aenrich A\\+hrd 6.8
9.8
CVSSv3
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
Aenrich A\\+hrd 6.8
NA
CVE-2006-2948
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote malicious users to obtain username and password information.
Alan Ward A-cart
5.4
CVSSv3
CVE-2021-24420
The Request a Quote WordPress plugin prior to 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.
Emarketdesign Request A Quote
5.3
CVSSv3
CVE-2018-19440
ARM Trusted Firmware-A allows information disclosure.
Arm Trusted Firmware-a
6.5
CVSSv3
CVE-2016-1178
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and previous versions allows remote malicious users to obtain or modify sensitive data via unspecified vectors.
Appleple A-blog Cms
NA
CVE-2001-0370
fcheck before 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
Michael A. Gumienny Fcheck
6.1
CVSSv3
CVE-2016-1179
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML.
Appleple A-blog Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »