Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
abuse vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-6681
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and previous versions allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
Mcafee Network Security Manager
NA
CVE-2023-5376
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Korenix Jetnet 5310g Firmware 2.6
Korenix Jetnet 4508 Firmware 2.3
Korenix Jetnet 4508i-w Firmware 1.3
Korenix Jetnet 4508-w Firmware 2.3
Korenix Jetnet 4508if-s Firmware 1.3
Korenix Jetnet 4508if-m Firmware 1.3
Korenix Jetnet 4508if-sw Firmware 1.3
Korenix Jetnet 4508if-mw Firmware 1.3
Korenix Jetnet 4508f-m Firmware 2.3
Korenix Jetnet 4508f-s Firmware 2.3
Korenix Jetnet 4508f-mw Firmware 2.3
Korenix Jetnet 4508f-sw Firmware 2.3
Korenix Jetnet 5620g-4c Firmware 1.1
Korenix Jetnet 5612gp-4f Firmware 1.2
Korenix Jetnet 5612g-4f Firmware 1.2
Korenix Jetnet 5728g-24p-ac-2dc-us Firmware 2.1
Korenix Jetnet 5728g-24p-ac-2dc-eu Firmware 2.1
Korenix Jetnet 6528gf-2ac-eu Firmware 1.0
Korenix Jetnet 6528gf-2ac-us Firmware 1.0
Korenix Jetnet 6528gf-2dc24 Firmware 1.0
Korenix Jetnet 6528gf-2dc48 Firmware 1.0
Korenix Jetnet 6528gf-ac-eu Firmware 1.0
6.8
CVSSv2
CVE-2021-39828
Adobe Digital Editions 4.5.11.187646 (and previous versions) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product ins...
Adobe Digital Editions
4.6
CVSSv2
CVE-2019-12439
bubblewrap.c in Bubblewrap prior to 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
Projectatomic Bubblewrap
NA
CVE-2022-36784
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution.
Elsight Halo Firmware -
6.5
CVSSv2
CVE-2021-43286
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.
Thoughtworks Gocd
NA
CVE-2024-23681
Artemis Java Test Sandbox versions prior to 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed cod...
Ls1intum Artemis Java Test Sandbox
NA
CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Ls1intum Artemis Java Test Sandbox
5
CVSSv2
CVE-2017-17553
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow malicious users to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Br...
Changyou Dolphin 12.0.2
3.5
CVSSv2
CVE-2021-29432
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
Matrix Sydent
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »