act-on vulnerabilities and exploits
6.1
CVSSv3
CVE-2024-24507
Cross Site Scripting vulnerability in Act-On 2023 allows a remote malicious user to execute arbitrary code via the newUser parameter in the login.jsp component.
Act-on Act-on 2023
4.3
CVSSv3
CVE-2017-2604
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
Jenkins Jenkins
8.8
CVSSv3
CVE-2019-3783
Cloud Foundry Stratos, versions before 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.
Cloud Foundry Stratos
Cloudfoundry Stratos
4.3
CVSSv3
CVE-2022-45166
An issue exists in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.
Archibus Archibus Web Central 2022.03.01.107
7.6
CVSSv3
CVE-2025-27406
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 up to and including 1.0.2 allows setting up a template that allows embedding arbitrary JavaScript. Thi...
Icinga Icingaweb2-module-reporting
6.5
CVSSv3
CVE-2023-38712
An issue exists in Libreswan 3.x and 4.x prior to 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the del...
Libreswan Libreswan
8.4
CVSSv3
CVE-2022-43760
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the malicious user to stea...
Suse Rancher
8.8
CVSSv3
CVE-2020-27220
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command targe...
The Eclipse Foundation Eclipse Hono
Eclipse Hono
Eclipse Hono 1.5.0
7.6
CVSSv3
CVE-2025-27404
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions before 2.11.5 and 2.12.13 allows a malicious user to craft a URL that, once visited by any user, allows to embed arbitrary JavaScript into Icinga Web and to...
Icinga Icingaweb2
7.6
CVSSv3
CVE-2025-27405
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions before 2.11.5 and 2.12.13 allows a malicious user to craft a URL that, once visited by any user, allows to embed arbitrary JavaScript into Icinga Web and to...
Icinga Icingaweb2