edge vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and previous versions could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not...
Mitel Mivoice Connect
9.8
CVSSv3
CVE-2023-23059
An issue exists in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows malicious users to execute arbitrary code and gain escalated privileges.
Geovision Gv-edge Recording Manager 2.2.3.0
9.8
CVSSv3
CVE-2023-27488
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components ...
Envoyproxy Envoy
9.8
CVSSv3
CVE-2022-2825
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The iss...
Ptc Thingworx Industrial Connectivity -
Ptc Thingworx Kepware Edge
Ptc Opc-aggregator
Ptc Kepware Kepserverex
Softwaretoolbox Top Server
Rockwellautomation Kepserver Enterprise
Ptc Thingworx Kepware Server
Ge Industrial Gateway Server
9.8
CVSSv3
CVE-2023-0755
The affected products are vulnerable to an improper validation of array index, which could allow a malicious user to crash the server and remotely execute arbitrary code.
Ptc Thingworx Industrial Connectivity -
Rockwellautomation Kepserver Enterprise
Ptc Thingworx Kepware Edge
Ptc Thingworx .net-sdk
Ptc Thingworx Edge C-sdk
Ptc Thingworx Edge Microserver
Ptc Kepware Serverex
Ge Digital Industrial Gateway Server
Ptc Kepware Server
9.8
CVSSv3
CVE-2023-0754
The affected products are vulnerable to an integer overflow or wraparound, which could allow a malicious user to crash the server and remotely execute arbitrary code.
Rockwellautomation Kepserver Enterprise
Ptc Thingworx Kepware Edge
Ptc Thingworx .net-sdk
Ptc Thingworx Edge C-sdk
Ptc Thingworx Edge Microserver
Ptc Kepware Serverex
Ge Digital Industrial Gateway Server
Ptc Kepware Server
Ptc Thingworx Industrial Connectivity
9.8
CVSSv3
CVE-2022-22730
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Intel Edge Insights For Industrial
9.8
CVSSv3
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Vmware Spring Cloud Function
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Banking Cash Management 14.5
Oracle Banking Trade Finance Process Management 14.5
Oracle Banking Credit Facilities Process Management 14.5
Oracle Banking Corporate Lending Process Management 14.5
Oracle Banking Supply Chain Finance 14.5
Oracle Sd-wan Edge 9.1
Oracle Banking Liquidity Management 14.5
Oracle Banking Liquidity Management 14.2
Oracle Banking Virtual Account Management 14.5
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Communications Policy Management 12.6.0.0.0
61 Github repositories
3 Articles
9.8
CVSSv3
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
171 Github repositories
7 Articles
9.8
CVSSv3
CVE-2022-21654
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are u...
Envoyproxy Envoy