Recent vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-41711
Badaso version 2.6.0 allows an unauthenticated remote malicious user to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
Uatech Badaso 2.6.0
6.5
CVSSv3
CVE-2022-41712
Frappe version 14.10.0 allows an external malicious user to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.
Frappe Frappe 14.10.0
5.3
CVSSv3
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-object-diff Project Deep-object-diff 1.1.0
5.3
CVSSv3
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Fastest-json-copy Project Fastest-json-copy 1.0.1
7.5
CVSSv3
CVE-2022-41715
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively sm...
Golang Go
7.5
CVSSv3
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can ex...
Golang Go
5.3
CVSSv3
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
7.5
CVSSv3
CVE-2022-41719
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.
Messagepack Project Messagepack
6.5
CVSSv3
CVE-2022-4172
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory devic...
Qemu Qemu 7.0.0
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp...
Golang Go