client application access vulnerabilities and exploits
NA
CVE-2023-49805
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their clie...
Dockge.kuma Dockge
Uptime.kuma Uptime Kuma
NA
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
NA
CVE-2023-44689
e-Gov Client Application (Windows version) versions before 2.1.1.0 and e-Gov Client Application (macOS version) versions before 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. ...
E-gov E-gov
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
NA
CVE-2023-40534
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions wh...
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Firewall Manager 17.1.0
F5 Big-ip Advanced Web Application Firewall 17.1.0
F5 Big-ip Analytics 17.1.0
F5 Big-ip Application Acceleration Manager 17.1.0
F5 Big-ip Application Security Manager 17.1.0
F5 Big-ip Application Visibility And Reporting 17.1.0
F5 Big-ip Carrier-grade Nat 17.1.0
F5 Big-ip Ddos Hybrid Defender 17.1.0
F5 Big-ip Domain Name System 17.1.0
F5 Big-ip Edge Gateway 17.1.0
F5 Big-ip Fraud Protection Service 17.1.0
F5 Big-ip Global Traffic Manager 17.1.0
F5 Big-ip Link Controller 17.1.0
F5 Big-ip Local Traffic Manager 17.1.0
F5 Big-ip Policy Enforcement Manager 17.1.0
F5 Big-ip Ssl Orchestrator 17.1.0
NA
CVE-2023-39531
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credenti...
Sentry Sentry
NA
CVE-2023-1862
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled a malicious user to trigger WARP connect and disconnect comman...
Cloudflare Warp
NA
CVE-2023-32312
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application...
Umbraco Umbraco Identity Extensibility
NA
CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send on...
Palletsprojects Flask
4 Github repositories
NA
CVE-2023-27462
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote malicious users to access data they are ...
Siemens Ruggedcom Crossbow