Vulmon
accounts vulnerabilities and exploits
CVE-2023-49801 (CVSSv3 7.5)
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving thr...
Lifplatforms Lif Auth Server
CVE-2023-51987 (CVSSv3 9.8)
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows malicious users to log in to administrator accounts with empty passwords.
Dlink Dir-822 Firmware 1.0.2
CVE-2023-51989 (CVSSv3 9.8)
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows malicious users to log in to administrator accounts with empty passwords.
Dlink Dir-822 Firmware 1.0.2
CVE-2023-48253 (CVSSv3 8.8)
The vulnerability allows a remote authenticated malicious user to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrar...
Bosch Nexo-os
CVE-2023-48250 (CVSSv3 9.8)
The vulnerability allows a remote malicious user to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
Bosch Nexo-os
CVE-2024-21736 (CVSSv3 6.5)
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the malicious user to create in-house bank accounts leading to low impact on the confidentiali...
Sap S/4hana Finance 107
Sap S/4hana Finance 128
CVE-2023-41710 (CVSSv3 5.4)
User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sani...
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
CVE-2023-29052 (CVSSv3 5.4)
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added san...
Open-xchange Ox App Suite 7.10.6
CVE-2023-50612 (CVSSv3 7.8)
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local malicious users to escalate privileges and obtain sensitive information via the cloud accounts parameter.
Fit2cloud Cloudexplorer Lite 1.4.1
CVE-2023-39655 (CVSSv3 9.6)
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-cont...
Perfood Couchauth