Vulmon
discovery vulnerabilities and exploits
10
CVSSv3
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allow...
Flarum Flarum 1.0.0
Flarum Flarum 1.0.1
10
CVSSv3
CVE-2020-26822
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated malicious user to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service. This has an impact on the integrity and availability of the service.
Sap Solution Manager 7.20
10
CVSSv3
CVE-2020-13702
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables malicious users to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly t...
The Rolling Proximity Identifier Project The Rolling Proximity Identifier
9.8
CVSSv3
CVE-2023-47143
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 up to and including 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow a malicious user to conduct various attacks against the vulnerable system...
Ibm Tivoli Application Dependency Discovery Manager
9.8
CVSSv3
CVE-2023-31129
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND p...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2023-1097
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated b...
Baicells Eg7035-m11 Firmware
9.8
CVSSv3
CVE-2023-21803
Windows iSCSI Discovery Service Remote Code Execution Vulnerability
Microsoft Windows Server 2008 -
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10
9.8
CVSSv3
CVE-2022-40918
Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows a malicious user to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomput...
Force1rc Discovery Wifi U818a Hd+ Fpv Firmware 2.0.10
9.8
CVSSv3
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java clas...
Nepxion Discovery
9.8
CVSSv3
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.
Doctor's Appointment System Project Doctor's Appointment System 1.0
1 Github repository