Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anonymous vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-29007
The Score extension up to and including 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execut...
Mediawiki Score
5 Github repositories
8.8
CVSSv3
CVE-2023-22951
An issue exists in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API ...
Tigergraph Cloud -
Tigergraph Tigergraph Enterprise 3.7.0
8.8
CVSSv3
CVE-2023-28205
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is ...
Apple Safari
Apple Macos
Apple Ipados
Apple Iphone Os
2 Articles
9.8
CVSSv3
CVE-2023-1133
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated mal...
Deltaww Infrasuite Device Master
5.3
CVSSv3
CVE-2023-28442
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the `/geoserver/re...
Geosolutionsgroup Geonode
9.8
CVSSv3
CVE-2023-25344
An issue exists in swig-templates thru 2.0.4 and swig thru 1.4.2, allows malicious users to execute arbitrary code via crafted Object.prototype anonymous function.
Swig-templates Project Swig-templates
Swig Project Swig
9.8
CVSSv3
CVE-2023-0090
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard config...
Proofpoint Enterprise Protection 8.20.0
Proofpoint Enterprise Protection 8.18.6
Proofpoint Enterprise Protection
8.8
CVSSv3
CVE-2023-23529
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a re...
Apple Ipados
Apple Iphone Os
Apple Safari
Apple Macos
3 Articles
7.5
CVSSv3
CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, before 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbil...
Glpi-project Glpi
6.5
CVSSv3
CVE-2023-23589
The SafeSocks option in Tor prior to 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
Torproject Tor
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »