Vulmon
accounts vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-28870
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client prior to 12.22 allow malicious users to write to configuration files from low-privileged user accounts.
Ncp-e Secure Enterprise Client
6.1
CVSSv3
CVE-2023-28874
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows malicious users to redirect users to arbitrary sites.
Seafile Seafile 9.0.6
5.3
CVSSv3
CVE-2023-49948
Forgejo prior to 1.20.5-1 allows remote malicious users to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
Forgejo Forgejo
1 Github repository
8.8
CVSSv3
CVE-2023-49097
ZITADEL is an identity infrastructure system. ZITADEL uses the Forwarded or X-Forwarded-Host header of the request that triggers the notification to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the ...
Zitadel Zitadel
4.3
CVSSv3
CVE-2023-29064
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
Bd Facschorus 5.0
Bd Facschorus 5.1
Bd Facschorus 3.0
Bd Facschorus 3.1
3.5
CVSSv3
CVE-2023-29066
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
Bd Facschorus 5.0
Bd Facschorus 5.1
Bd Facschorus 3.0
Bd Facschorus 3.1
7.1
CVSSv3
CVE-2023-21417
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- priv...
Axis Axis Os
Axis Axis Os 2022
Axis Axis Os 2020
7.1
CVSSv3
CVE-2023-21418
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service ac...
Axis Axis Os 2018
Axis Axis Os
Axis Axis Os 2022
Axis Axis Os 2020
6.1
CVSSv3
CVE-2023-40812
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
Opencrx Opencrx 5.2.0
6.1
CVSSv3
CVE-2023-40814
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
Opencrx Opencrx 5.2.0