Vulmon
ability server vulnerabilities and exploits
10
CVSSv3
CVE-2023-1748
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely ...
Getnexx Nxal-100 Firmware
Getnexx Nxg-100b Firmware
Getnexx Nxpg-100w Firmware
Getnexx Nxg-200 Firmware
1 Article
10
CVSSv3
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9 Github repositories
2 Articles
10
CVSSv3
CVE-2019-11510
In Pulse Secure Pulse Connect Secure (PCS) 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.
Ivanti Connect Secure 9.0
Ivanti Connect Secure 8.2
Ivanti Connect Secure 8.3
1 EDB exploit
25 Github repositories
9 Articles
9.9
CVSSv3
CVE-2017-10352
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated ...
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.1.0
Oracle Weblogic Server 12.2.1.2.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.1.3.0.0
1 Github repository
9.8
CVSSv3
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular num...
X.org Xwayland
X.org Xorg-server
Fedoraproject Fedora 39
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2023-49091
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulner...
Cosmos-cloud Cosmos Server 0.1.15
Cosmos-cloud Cosmos Server 0.1.16
Cosmos-cloud Cosmos Server 0.1.17
Cosmos-cloud Cosmos Server 0.2.0
Cosmos-cloud Cosmos Server 0.3.0
Cosmos-cloud Cosmos Server 0.3.1
Cosmos-cloud Cosmos Server 0.3.2
Cosmos-cloud Cosmos Server 0.3.3
Cosmos-cloud Cosmos Server 0.3.4
Cosmos-cloud Cosmos Server 0.3.5
Cosmos-cloud Cosmos Server 0.4.0
Cosmos-cloud Cosmos Server 0.4.1
Cosmos-cloud Cosmos Server 0.4.2
Cosmos-cloud Cosmos Server 0.4.3
Cosmos-cloud Cosmos Server 0.5.0
Cosmos-cloud Cosmos Server 0.5.1
Cosmos-cloud Cosmos Server 0.5.2
Cosmos-cloud Cosmos Server 0.5.3
Cosmos-cloud Cosmos Server 0.5.4
Cosmos-cloud Cosmos Server 0.5.5
Cosmos-cloud Cosmos Server 0.5.6
Cosmos-cloud Cosmos Server 0.5.7
9.8
CVSSv3
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to...
Cyberpower Powerpanel Server
Dataprobe Iboot-pdu4a-c10 Firmware
Dataprobe Iboot-pdu4a-c20 Firmware
Dataprobe Iboot-pdu4a-n15 Firmware
Dataprobe Iboot-pdu4a-n20 Firmware
Dataprobe Iboot-pdu4-c20 Firmware
Dataprobe Iboot-pdu4-n20 Firmware
Dataprobe Iboot-pdu4sa-c10 Firmware
Dataprobe Iboot-pdu4sa-c20 Firmware
Dataprobe Iboot-pdu4sa-n15 Firmware
Dataprobe Iboot-pdu4sa-n20 Firmware
Dataprobe Iboot-pdu8a-2c10 Firmware
Dataprobe Iboot-pdu8a-2c20 Firmware
Dataprobe Iboot-pdu8a-2n15 Firmware
Dataprobe Iboot-pdu8a-2n20 Firmware
Dataprobe Iboot-pdu8a-c10 Firmware
Dataprobe Iboot-pdu8a-c20 Firmware
Dataprobe Iboot-pdu8a-n15 Firmware
Dataprobe Iboot-pdu8a-n20 Firmware
Dataprobe Iboot-pdu8sa-2n15 Firmware
Dataprobe Iboot-pdu8sa-c10 Firmware
Dataprobe Iboot-pdu8sa-n15 Firmware
9.8
CVSSv3
CVE-2023-37470
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core iss...
Metabase Metabase
9.8
CVSSv3
CVE-2023-1437
All versions before 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow a malicious user to gain access to the remote file system and the...
Advantech Webaccess/scada
9.8
CVSSv3
CVE-2022-43939
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x, contain security restrictions using non-canonical URLs which can be circumvented.
Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
1 Metasploit module