Vulmon
a-member vulnerabilities and exploits
NA
CVE-2023-47865
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a pos...
Mattermost Mattermost
NA
CVE-2023-6547
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, g...
Mattermost Mattermost Server
4
CVSSv2
CVE-2017-14023
An Improper Input Validation issue exists in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the admini...
Siemens Simatic Pcs7 8.1
Siemens Simatic Wincc 7.3
Siemens Simatic Pcs7 8.2
4.3
CVSSv2
CVE-2008-5361
The ActionScript 2 virtual machine in Adobe Flash Player 10.x prior to 10.0.12.36 and 9.x prior to 9.0.151.0, and Adobe AIR prior to 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspec...
Adobe Air
Adobe Flash Player
6
CVSSv2
CVE-2007-1354
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 prior to 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition an...
Jboss Jboss Application Server 4.0.2.ga Cp02
Jboss Jboss Application Server 4.0.2.ga Cp03
Jboss Jboss Application Server 4.0.2.ga Cp04
Jboss Jboss Application Server 4.0.5.ga
Jboss Jboss Application Server 4.0.5 Cp01
Jboss Jboss Application Server 4.0.5 Cp02
4.3
CVSSv2
CVE-2018-1278
Apps Manager included in Pivotal Application Service, versions 1.12.x before 1.12.22, 2.0.x before 2.0.13, and 2.1.x before 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discov...
Pivotal Software Pivotal Application Service
6.8
CVSSv2
CVE-2010-1109
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an inf...
Djayp Phpmysport 1.4
1 EDB exploit
NA
CVE-2024-25149
Liferay Portal 7.2.0 up to and including 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of th...
NA
CVE-2024-1519
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 du...
5
CVSSv2
CVE-2019-20175
An issue exists in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 up to and including 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must b...
Qemu Qemu