Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
evergreen vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-51423
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Creat...
Saleswonder Webinarignition
8.8
CVSSv3
CVE-2023-51422
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoo...
Saleswonder Webinarignition
7.5
CVSSv3
CVE-2015-2204
Evergreen prior to 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4 allows remote malicious users to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce ...
Evergreen-ils Evergreen
6.5
CVSSv3
CVE-2013-7435
The open-ils.pcrud endpoint in Evergreen prior to 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4 allows remote malicious users to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Evergreen-ils Evergreen
6.5
CVSSv3
CVE-2015-2203
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.
Evergreen-ils Evergreen 2.7.4
Evergreen-ils Evergreen 2.6.7
Evergreen-ils Evergreen 2.5.9
4.8
CVSSv3
CVE-2023-41127
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Conten...
Evergreencontentposter Evergreen Content Poster
3.3
CVSSv3
CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel up to and including 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that r...
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Opensuse Evergreen 11.4
Opensuse Opensuse 13.1
Suse Suse Linux Enterprise Server 11
Oracle Linux 6
NA
CVE-2024-1844
The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possi...
NA
CVE-2024-29099
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a up to and including 1.4.1.
NA
CVE-2015-5125
Adobe Flash Player prior to 18.0.0.232 on Windows and OS X and prior to 11.2.202.508 on Linux, Adobe AIR prior to 18.0.0.199, Adobe AIR SDK prior to 18.0.0.199, and Adobe AIR SDK & Compiler prior to 18.0.0.199 allow malicious users to cause a denial of service (vector-length ...
Adobe Air Sdk
Adobe Air
Adobe Air Sdk \\& Compiler
Adobe Flash Player
Opensuse Evergreen 11.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »