Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-link vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-31129
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND p...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2022-25315
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in storeRawNames.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) prior to 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) prior to 2.4.5 allows malicious users to insert namespace-separator characters into namespace URIs.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2020-0901
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Microsoft 365 Apps -
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Microsoft Office 2019
9.8
CVSSv3
CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote malicious users to bypass authentication by leveraging a permanent authentication token obtained from a query string.
Barracuda Web Application Firewall 7.8.1.013
1 EDB exploit
9.8
CVSSv3
CVE-2019-18623
Escalation of privileges in EnergyCAP 7 up to and including 7.5.6 allows an malicious user to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
Energycap Energycap
9.8
CVSSv3
CVE-2018-20718
In Pydio prior to 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of su...
Pydio Pydio
1 Github repository
9.8
CVSSv3
CVE-2018-11545
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.
Md4c Project Md4c 0.2.5
9.8
CVSSv3
CVE-2016-6531
Open Dental 16.1 and previous versions has a hardcoded MySQL root password, which allows remote malicious users to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is f...
Opendental Opendental
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »