Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2169
Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.
1 Github repository
1 Article
7.5
CVSSv3
CVE-2019-3404
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.
360 P0 Router Firmware 3.1.1.65150
360 F5c Router Firmware 3.1.1.65150
8.8
CVSSv3
CVE-2018-9064
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.
Lenovo Xclarity Administrator
7.2
CVSSv3
CVE-2019-11848
An API abuse vulnerability exists in the AT command API of ALEOS prior to 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
Sierrawireless Aleos
8.8
CVSSv3
CVE-2019-6452
Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote malicious users to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.
Kyocera Command Center Rx -
8.8
CVSSv3
CVE-2023-6866
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
Mozilla Firefox
9.8
CVSSv3
CVE-2023-2713
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: prior to 23.05.15.
Rental Module Project Rental Module
7.5
CVSSv3
CVE-2022-4794
The AAWP WordPress plugin prior to 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
Getaawp Amazon Affiliate Wordpress Plugin
9.8
CVSSv3
CVE-2023-3632
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: prior to 6.2.3.
Kunduz Kunduz
9.8
CVSSv3
CVE-2021-3832
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
Artica Integria Ims 5.0.92
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »