Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
field test vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32890
librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting in the JSON API. The `processedString` field in the `ispinfo` parameter is missi...
NA
CVE-2024-26826
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow When the MPTCP PM detects that a subflow is stale, all the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it f...
8.8
CVSSv3
CVE-2023-49254
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting charact...
Hongdian H8951-4g-esp Firmware
6.5
CVSSv3
CVE-2023-25822
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches wit...
Reportportal Service-api
Reportportal Reportportal
8.8
CVSSv3
CVE-2023-30628
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value...
Kiwitcms Kiwi Tcms
9.8
CVSSv3
CVE-2023-21554
Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1809
Microsoft Windows 10 1607
1 Metasploit module
4 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-41723
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Golang Go
Golang Go 1.20.0
Golang Http2
Golang Hpack
2 Github repositories
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, US...
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn50 Firmware
Zyxel Atp100 Firmware
Zyxel Atp100w Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp700 Firmware
Zyxel Atp800 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg20w-vpn Firmware
1 Metasploit module
17 Github repositories
7.8
CVSSv3
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle ...
Polkit Project Polkit
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
281 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »