Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chris vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability exists in Hospital Management System V4.0 which allows an unauthenticated malicious user to upload any file to the server.
Phpgurukul Hospital Management System 4.0
9.8
CVSSv3
CVE-2023-26015
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a up to and ...
Mappresspro Mappress Maps For Wordpress
9.8
CVSSv3
CVE-2020-6831
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.2
9.8
CVSSv3
CVE-2020-9015
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow malicious users to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue ...
Arista Dcs-7050qx-32s-r Firmware 4.20.9m
Arista Dcs-7050cx3-32s-r Firmware 4.20.11m
Arista Dcs-7280sram-48c6-r Firmware 4.22.0.1f
9.8
CVSSv3
CVE-2019-17393
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and dis...
Tomedo Server 1.7.3
9.8
CVSSv3
CVE-2019-12989
Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8 allow SQL Injection.
Citrix Netscaler Sd-wan
Citrix Sd-wan
1 EDB exploit
9.8
CVSSv3
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an malicious user to run arbitrary commands as root. This issue affects: Canonical snapd versions before 2.37.1.
Canonical Snapd
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
2 EDB exploits
8 Github repositories
1 Article
9.8
CVSSv3
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
1 Github repository
9.8
CVSSv3
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same perm...
Plex Media Server 1.13.2.5154
1 EDB exploit
9.8
CVSSv3
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same per...
Vuze Bittorrent Client 5.7.6.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »