Vulmon
client vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-43742
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions before 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated malicious user to obtain an administrative session via a protection mechanism failure in the aut...
Zultys Mx-se Firmware
Zultys Mx-se Ii Firmware
Zultys Mx-e Firmware
Zultys Mx-virtual Firmware
Zultys Mx250 Firmware
Zultys Mx30 Firmware
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing a malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2023-24051
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows malicious users to gain escalated privileges via brute force style attacks.
Connectize Ac21000 G6 Firmware 641.139.1.1256
9.8
CVSSv3
CVE-2023-48312
capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-...
Clastix Capsule-proxy
9.8
CVSSv3
CVE-2023-45616
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploit...
Arubanetworks Arubaos 10.5.0.0
Hp Instantos
Arubanetworks Arubaos
9.8
CVSSv3
CVE-2023-41137
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Appsanywhere Appsanywhere Client 1.4.1
Appsanywhere Appsanywhere Client 1.5.1
Appsanywhere Appsanywhere Client 1.6.0
Appsanywhere Appsanywhere Client 2.0.0
Appsanywhere Appsanywhere Client 1.4.0
Appsanywhere Appsanywhere Client 1.5.2
9.8
CVSSv3
CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic...
Samba Samba
Redhat Enterprise Linux 8.0
Redhat Storage 3.0
Redhat Enterprise Linux Eus 9.0
Fedoraproject Fedora 39
9.8
CVSSv3
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire...
Apache Activemq
Apache Activemq Legacy Openwire Module
25 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2023-39930
A first-factor authentication bypass vulnerability exists in PingFederate with PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
Pingidentity Pingid Radius Pcv