Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
announcements vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4500
The Announcements module 6.x-1.x prior to 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
Nancy Wichmann Announcements 6.x-1.3
Nancy Wichmann Announcements 6.x-1.2
Nancy Wichmann Announcements 6.x-1.x
Nancy Wichmann Announcements 6.x-1.4
Nancy Wichmann Announcements 6.x-1.1
Nancy Wichmann Announcements 6.x-1.0
5.4
CVSSv3
CVE-2023-0363
The Scheduled Announcements Widget WordPress plugin prior to 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr...
Nlb-creations Scheduled Announcements Widget
NA
CVE-2012-4121
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
Cisco Nx-os -
9.8
CVSSv3
CVE-2017-8898
Invision Power Services (IPS) Community Suite 4.1.19.2 and previous versions has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&...
Invisioncommunity Invision Power Board
8.8
CVSSv3
CVE-2020-26804
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upl...
Sapplica Sentrifugo 3.2
5.4
CVSSv3
CVE-2021-24455
The Tutor LMS – eLearning and online course solution WordPress plugin prior to 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting ...
Themeum Tutor Lms
1 Github repository
NA
CVE-2001-1071
Cisco IOS 12.2 and previous versions running Cisco Discovery Protocol (CDP) allows remote malicious users to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
Cisco Ios 11.1
Cisco Ios 12.1
Cisco Ios 11.2
Cisco Ios 11.3\\(11\\)b
Cisco Ios 12.0\\(19\\)
Cisco Ios 12.0\\(5.1\\)xp
Cisco Catos 4.5\\(1\\)
5.4
CVSSv3
CVE-2023-36223
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote malicious user to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.
Bbs-go Bbs-go
NA
CVE-2003-1185
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote malicious users to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
Thwboard Thwboard 2.8 Beta
Thwboard Thwboard 2.81 Beta
6.1
CVSSv3
CVE-2022-42110
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 up to and including 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or ...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »