Vulmon
nick decker vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Dolibarr Dolibarr Erp/crm 13.0.2
8.1
CVSSv3
CVE-2021-32612
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
I-doo Veryfitpro 3.2.8
9.8
CVSSv3
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Dolibarr Dolibarr Erp/crm 13.0.2
5.3
CVSSv3
CVE-2020-28208
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat up to and including 3.9.1.
Rocket.chat Rocket.chat