Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
announcements vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4338
wp-includes/functions.php in WordPress prior to 3.6.1 does not properly determine whether data has been serialized, which allows remote malicious users to execute arbitrary code by triggering erroneous PHP unserialize operations.
Wordpress Wordpress
NA
CVE-2013-4339
WordPress prior to 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote malicious users to bypass intended redirection restrictions via a crafted string.
Wordpress Wordpress
NA
CVE-2013-4340
wp-admin/includes/post.php in WordPress prior to 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
Wordpress Wordpress
NA
CVE-2013-5738
The get_allowed_mime_types function in wp-includes/functions.php in WordPress prior to 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attack...
Wordpress Wordpress
NA
CVE-2013-5739
The default configuration of WordPress prior to 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-...
Wordpress Wordpress
9
CVSSv3
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
Apache Log4j 2.0
Apache Log4j
Intel Oneapi -
Intel Audio Development Kit -
Intel Datacenter Manager -
Intel System Debugger -
Intel Secure Device Onboard -
Intel Sensor Solution Firmware Development Kit -
Intel Computer Vision Annotation Tool -
Intel Genomics Kernel Library -
Intel System Studio -
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
195 Github repositories
9 Articles
NA
CVE-2011-4360
MediaWiki prior to 1.17.1 allows remote malicious users to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
Mediawiki Mediawiki
Debian Debian Linux 5.0
Debian Debian Linux 6.0
NA
CVE-2011-1580
The transwiki import functionality in MediaWiki prior to 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.3
Mediawiki Mediawiki 1.13.4
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.4
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.10.2
Mediawiki Mediawiki 1.9.3
Mediawiki Mediawiki 1.9.5
Mediawiki Mediawiki 1.8.0
Mediawiki Mediawiki 1.8.1
Mediawiki Mediawiki 1.6.1
Mediawiki Mediawiki 1.6.10
NA
CVE-2011-4361
MediaWiki prior to 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote malicious users to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonst...
Mediawiki Mediawiki
Debian Debian Linux 5.0
Debian Debian Linux 6.0
NA
CVE-2011-1578
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.3, when Internet Explorer 6 or earlier is used, allows remote malicious users to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query ...
Mediawiki Mediawiki 1.15.4
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.1
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.13.3
Mediawiki Mediawiki 1.13.4
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.9.2
Mediawiki Mediawiki 1.9.0
Mediawiki Mediawiki 1.8.2
Mediawiki Mediawiki 1.7.0
Mediawiki Mediawiki 1.6.10
Mediawiki Mediawiki 1.6.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »