Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv2
CVE-2021-40776
Adobe Lightroom Classic 10.3 (and previous versions) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product in...
Adobe Lightroom
5
CVSSv2
CVE-2021-36044
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-serv...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
5
CVSSv2
CVE-2019-18987
An issue exists in the AbuseFilter extension up to and including 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter...
Mediawiki Abusefilter
NA
CVE-2023-49076
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
Pimcore Pimcore
NA
CVE-2022-29800
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-...
Microsoft Windows Defender For Endpoint -
2 Github repositories
1 Article
NA
CVE-2024-23682
Artemis Java Test Sandbox versions prior to 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Ls1intum Artemis Java Test Sandbox
3.5
CVSSv2
CVE-2022-30289
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI up to and including 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.
Citeum Opencti
6.5
CVSSv2
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.
Vfairs Vfairs 3.3
6
CVSSv2
CVE-2021-40708
Adobe Genuine Service versions 7.3 (and previous versions) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction ...
Adobe Genuine Service
6
CVSSv2
CVE-2021-36043
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code exe...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »