Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
caldera vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-14462
CALDERA 2.7.0 allows XSS via the Operation Name box.
Mitre Caldera 2.7.0
8.8
CVSSv3
CVE-2021-42560
An issue exists in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, O...
Mitre Caldera 2.9.0
4.8
CVSSv3
CVE-2018-7747
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin prior to 1.6.0-rc.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported fo...
Calderalabs Caldera Forms
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2022-0879
The Caldera Forms WordPress plugin prior to 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Calderaforms Caldera Forms
NA
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.
Caldera Unixware 7
NA
CVE-2002-0105
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
Caldera Unixware 7.1.0
NA
CVE-2000-0192
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote malicious users to determine what packages are installed on the system.
Caldera Openlinux 2.3
1 EDB exploit
4.8
CVSSv3
CVE-2021-24896
The Caldera Forms WordPress plugin prior to 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Calderaforms Caldera Forms
NA
CVE-2001-1153
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
Caldera Openunix 8.0
NA
CVE-2001-1164
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
Caldera Unixware 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »