Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ahmed vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
Apsystems Energy Communication Unit Firmware C1.2.5
2 Github repositories
9.8
CVSSv3
CVE-2023-0981
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remote...
Yoga Class Registration System Project Yoga Class Registration System 1.0
9.8
CVSSv3
CVE-2023-0982
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack ca...
Yoga Class Registration System Project Yoga Class Registration System 1.0
9.8
CVSSv3
CVE-2022-29303
SolarView Compact ver.6.00 exists to contain a command injection vulnerability via conf_mail.php.
Contec Sv-cpt-mc310 Firmware 6.00
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote malicious user to execute OS commands without any authentication.
Telesquare Sdt-cs3b1 Firmware 1.1.0
14 Github repositories
9.8
CVSSv3
CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an malicious user to execute arbitrary OS commands on the device.
Zyxel Nwa1100-nh Firmware
9.8
CVSSv3
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may...
Sysaid On-premise 20.1.11
9.6
CVSSv3
CVE-2021-21201
Use after free in permissions in Google Chrome before 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.6
CVSSv3
CVE-2021-21223
Integer overflow in Mojo in Google Chrome before 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.6
CVSSv3
CVE-2021-21226
Use after free in navigation in Google Chrome before 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »