Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activity vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-38878
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.
School Activity Updates With Sms Notification Project School Activity Updates With Sms Notification 1.0
7.2
CVSSv3
CVE-2022-38268
School Activity Updates with SMS Notification v1.0 exists to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.
School Activity Updates With Sms Notification Project School Activity Updates With Sms Notification 1.0
5.4
CVSSv3
CVE-2017-9513
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated malicious users to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do ...
Atlassian Activity Streams
6.1
CVSSv3
CVE-2018-8729
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin prior to 2.4.1 for WordPress allow remote malicious users to inject arbitrary JavaScript or HTML via a title that is not escaped.
Pojo Activity Log
1 EDB exploit
7.5
CVSSv3
CVE-2022-34126
The Activity plugin prior to 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.
Glpi-project Activity
6.1
CVSSv3
CVE-2016-10890
The aryo-activity-log plugin prior to 2.3.2 for WordPress has XSS.
Pojo Activity Log
6.1
CVSSv3
CVE-2016-10891
The aryo-activity-log plugin prior to 2.3.3 for WordPress has XSS.
Pojo Activity Log
4.3
CVSSv3
CVE-2023-4269
The User Activity Log WordPress plugin prior to 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.
Solwininfotech User Activity Log
9.8
CVSSv3
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
7.5
CVSSv3
CVE-2023-5133
This user-activity-log-pro WordPress plugin prior to 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Solwininfotech User Activity Log
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »