high-tech bridge vulnerabilities and exploits
6.1
CVSSv3
CVE-2015-6544
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop prior to 2.2.0-2459 allows remote malicious users to inject arbitrary web script or HTML via a dashboard title.
Combodo Itop
7.5
CVSSv3
CVE-2014-1631
Eventum prior to 2.3.5 allows remote malicious users to reinstall the application via direct request to /setup/index.php.
Eventum Project Eventum
2 EDB exploits
8.1
CVSSv3
CVE-2014-1632
htdocs/setup/index.php in Eventum prior to 2.3.5 allows remote malicious users to inject and execute arbitrary PHP code via the hostname parameter.
Eventum Project Eventum
1 EDB exploit
7.5
CVSSv3
CVE-2015-3302
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress prior to 1.3.9.3 allows remote malicious users to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
Thecartpress Thecartpress Ecommerce Shopping Cart
1 EDB exploit
7.2
CVSSv3
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin prior to 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged u...
Count Per Day Project Count Per Day
1 EDB exploit
6.1
CVSSv3
CVE-2015-5532
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin prior to 1.8.4.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.ph...
Strangerstudios Paid Memberships Pro
6.1
CVSSv3
CVE-2015-8354
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin prior to 1.3.29 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
Ultimatemember Ultimate Member
6.1
CVSSv3
CVE-2015-8350
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin prior to 2.5.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-...
Inboundnow Call To Action
6.1
CVSSv3
CVE-2015-8349
Cross-site scripting (XSS) vulnerability in SourceBans prior to 2.0 pre-alpha allows remote malicious users to inject arbitrary web script or HTML via the advSearch parameter to index.php.
Gameconnect Sourcebans
9
CVSSv3
CVE-2015-8351
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin prior to 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: t...
Gwolle Guestbook Project Gwolle Guestbook
1 EDB exploit