Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-6027
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote malicious users to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web s...
Torrentflux Project Torrentflux 2.4
534
VMScore
CVE-2021-37131
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can...
Huawei Manageone 6.5.1
Huawei Manageone 6.5.1.1
Huawei Manageone 8.0.0
Huawei Manageone 8.0.1
Huawei Imanager Neteco V600r010c00cp2001
Huawei Imanager Neteco V600r010c00cp2002
Huawei Imanager Neteco V600r010c00cp3001
Huawei Imanager Neteco V600r010c00cp3002
Huawei Imanager Neteco V600r010c00cp3101
Huawei Imanager Neteco V600r010c00cp3102
Huawei Imanager Neteco V600r010c00spc100
Huawei Imanager Neteco V600r010c00spc110
Huawei Imanager Neteco V600r010c00spc120
Huawei Imanager Neteco V600r010c00spc200
Huawei Imanager Neteco V600r010c00spc210
Huawei Imanager Neteco V600r010c00spc300
Huawei Imanager Neteco V600r010c00spc310
Huawei Imanager Neteco 6000 V600r009c00cp2201
Huawei Imanager Neteco 6000 V600r009c00cp2301
Huawei Imanager Neteco 6000 V600r009c00spc100
Huawei Imanager Neteco 6000 V600r009c00spc110
Huawei Imanager Neteco 6000 V600r009c00spc120
312
VMScore
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin prior to 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Phpmyadmin Phpmyadmin
383
VMScore
CVE-2007-4064
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.2, and 4.7.x prior to 4.7.7, (1) allow remote malicious users to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administ...
Drupal Drupal 4.7.4
Drupal Drupal 4.7.5
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Drupal 4.7.2
Drupal Drupal 4.7.3
Drupal Drupal 4.7
Drupal Drupal 4.7.6
Drupal Drupal 4.7 Rev1.15
383
VMScore
CVE-2006-6223
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
Google Mini Search Appliance
Google Search Appliance
445
VMScore
CVE-2017-8812
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows remote malicious users to inject > (greater than) characters via the id attribute of a headline.
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
383
VMScore
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch prior to 1.4.0.Beta1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Elasticsearch Elasticsearch
NA
CVE-2022-37027
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX ser...
Ahsay Cloud Backup Suite 9.1.4.0
383
VMScore
CVE-2016-4841
Cybozu Mailwise prior to 5.4.0 allows remote malicious users to inject arbitrary email headers.
Cybozu Mailwise 5.0.5
Cybozu Mailwise 5.1.0
Cybozu Mailwise 5.3.1
Cybozu Mailwise 5.0.0
Cybozu Mailwise 5.0.1
Cybozu Mailwise 5.0.4
Cybozu Mailwise 5.1.2
Cybozu Mailwise 5.1.4
Cybozu Mailwise 5.2.0
Cybozu Mailwise 5.2.1
Cybozu Mailwise 5.0.6
Cybozu Mailwise 5.1.1
Cybozu Mailwise 5.3.0
Cybozu Mailwise 5.3.2
383
VMScore
CVE-2014-0029
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Redhat Subscription Asset Manager 1.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »