Vulmon
accounts vulnerabilities and exploits
3.5
CVSSv2
CVE-2019-16330
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitr...
Nchsoftware Express Accounts Accounting 7.02
NA
CVE-2023-51386
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting informa...
Amazon Awslabs Sandbox Accounts For Events
NA
CVE-2023-50928
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API co...
Amazon Awslabs Sandbox Accounts For Events
9
CVSSv2
CVE-2018-0238
A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote malicious user to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any ...
Cisco Unified Computing System Director 6.5(0.1)
Cisco Unified Computing System Director 6.5(0.0)
1 Article
NA
CVE-2024-4835
An XSS condition exists within GitLab in versions 15.11 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
1 Article
NA
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 prior to 16.10.6, from 16.11 prior to 16.11.3, from 17.0 prior to 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
1 Article
NA
CVE-2024-2874
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.6, version 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
1 Article
3.5
CVSSv2
CVE-2022-1190
Improper handling of user input in GitLab CE/EE versions 8.3 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allowed a malicious user to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
Gitlab Gitlab
1 Article
5
CVSSv2
CVE-2001-0335
FTP service in IIS 5.0 and previous versions allows remote malicious users to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
Microsoft Internet Information Server
7.5
CVSSv2
CVE-2001-0347
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote malicious users to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
Microsoft Windows 2000