Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
effect project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7624
effect up to and including 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.
Effect Project Effect
4.3
CVSSv2
CVE-2015-1384
Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin prior to 1.2.8 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php.
Banner Effect Header Project Banner Effect Header
6.8
CVSSv2
CVE-2015-0920
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter i...
Banner Effect Header Project Banner Effect Header 1.2.6
7.5
CVSSv2
CVE-2020-36326
PHPMailer 6.1.8 up to and including 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unrea...
Phpmailer Project Phpmailer
Wordpress Wordpress
1 Github repository
NA
CVE-2022-41854
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
Snakeyaml Project Snakeyaml
Fedoraproject Fedora 36
Fedoraproject Fedora 37
2 Github repositories
NA
CVE-2022-40151
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Xstream Project Xstream
NA
CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denia...
Xstream Project Xstream
Fasterxml Woodstox
NA
CVE-2022-40149
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of ser...
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-40150
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of ser...
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv2
CVE-2021-21368
msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 prior to 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto_...
Msgpack5 Project Msgpack5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »