Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
h00die vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-39265
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache...
Apache Superset
9.8
CVSSv3
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Netwo...
Vmware Aria Operations For Networks
3 Github repositories
7.8
CVSSv3
CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package prior to 3.19.0-21.21 in Ubuntu up to and including 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a c...
Canonical Ubuntu Linux
Linux Linux Kernel
3 EDB exploits
13 Github repositories
9.8
CVSSv3
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS prior to 12.7.2_U2, 12.x prior to 12.1.3_U8, and 12.2.x up to and including 12.5.x prior to 12.5.9_U2.
Watchguard Fireware
Watchguard Fireware 12.1.3
Watchguard Fireware 12.7.2
Watchguard Fireware 12.5.9
2 Github repositories
7.8
CVSSv3
CVE-2016-4557
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel prior to 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that refere...
Linux Linux Kernel
2 EDB exploits
4 Github repositories
7.2
CVSSv3
CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated malicious user to perform an arbitrary code execution using uncontrolled gzip extraction.
Pulsesecure Pulse Secure Desktop Client
Pulsesecure Pulse Secure Desktop Client 9.1
1 Article
9.8
CVSSv3
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Monitorr Monitorr 1.7.6m
2 Github repositories
9.8
CVSSv3
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an malicious user to authenticate and access unauthorized resources. This does ...
Apache Superset
20 Github repositories
1 Article
NA
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
1 Github repository
7.5
CVSSv3
CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated malicious user to read the system files and to retrieve the pa...
Zyxel Dx5401-b0 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »