Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
desktop vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
Nextcloud Desktop
5.4
CVSSv3
CVE-2020-8189
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
Nextcloud Desktop
7.5
CVSSv3
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
Nextcloud Desktop
6.8
CVSSv3
CVE-2020-8227
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
Nextcloud Desktop
NA
CVE-2007-1085
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote malicious users to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the...
Google Desktop
1 EDB exploit
7.1
CVSSv3
CVE-2022-34292
Docker Desktop for Windows prior to 4.6.0 allows malicious users to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Docker Desktop
6.1
CVSSv3
CVE-2015-6021
Spiceworks Desktop prior to 2015-12-01 has XSS via an SNMP response.
Spiceworks Desktop
6.5
CVSSv3
CVE-2022-26877
Asana Desktop prior to 1.6.0 allows remote malicious users to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.
Asana Desktop
4.7
CVSSv3
CVE-2022-39334
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd before 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive ...
Nextcloud Desktop
6.7
CVSSv3
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise prior to 2...
Docker Desktop
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »