Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-40776
Adobe Lightroom Classic 10.3 (and previous versions) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product in...
Adobe Lightroom
8.2
CVSSv3
CVE-2024-23681
Artemis Java Test Sandbox versions prior to 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed cod...
Ls1intum Artemis Java Test Sandbox
8.2
CVSSv3
CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Ls1intum Artemis Java Test Sandbox
4.7
CVSSv3
CVE-2022-29800
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-...
Microsoft Windows Defender For Endpoint -
2 Github repositories
1 Article
6.1
CVSSv3
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
6.5
CVSSv3
CVE-2022-3433
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
Haskell Aeson
6.6
CVSSv3
CVE-2021-36043
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code exe...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
5.4
CVSSv3
CVE-2022-30289
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI up to and including 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.
Citeum Opencti
7.3
CVSSv3
CVE-2021-40708
Adobe Genuine Service versions 7.3 (and previous versions) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction ...
Adobe Genuine Service
8.8
CVSSv3
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.
Vfairs Vfairs 3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »