Vulmon
7.8
CVSSv3
CVE-2023-26604
systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...
Systemd Project Systemd
6 Github repositories
7.5
CVSSv3
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Undertow 2.7.0
Redhat Integration Camel For Spring Boot -
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Runtimes -
7.2
CVSSv3
CVE-2023-24685
ChurchCRM v4.5.3 and below contains a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Churchcrm Churchcrm
7.5
CVSSv3
CVE-2022-46363
A vulnerability in Apache CXF prior to 3.5.5 and 3.4.10 allows a malicious user to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. T...
Apache Cxf
7.5
CVSSv3
CVE-2022-44009
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing malicious users to access K/V pairs of other users, potentially leading to the exposure of sensitive information.
Stackstorm Stackstorm 3.7.0
8.8
CVSSv3
CVE-2022-45045
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and au...
Xiongmaitech Nbd80x09s-kl -
Xiongmaitech Nbd80x09ra-kl -
Xiongmaitech Nbd80n16ra-kl -
Xiongmaitech Nbd88x09s-kl -
Xiongmaitech Nbd80s08s-kl(ep) -
Xiongmaitech Nbd80s16s-kl(ep) -
Xiongmaitech Nbd80s10s-kl -
Xiongmaitech Nbd80s16s-kl -
Xiongmaitech Nbd8016s-kl-v2 -
Xiongmaitech Nbd8010s-kl-v2 -
Xiongmaitech Nbd80n16ra-kl(ep) -
Xiongmaitech Nbd8016ra-k(ep) -
Xiongmaitech Nbd8032ra-ul-v2 -
Xiongmaitech Nbd8016s-ula-v2 -
Xiongmaitech Nbd8009s-ula-v2 -
Xiongmaitech Nbd8008ra-ul(ep) -
Xiongmaitech Nbd8016ra-ul(ep) -
Xiongmaitech Nbd8008ra-ulk -
Xiongmaitech Nbd8008ra-ula -
Xiongmaitech Nbd8904t-gsc-xpoe -
Xiongmaitech Nbd8908t-plc-xpoe -
Xiongmaitech Nbd8032h4-ul -
5.5
CVSSv3
CVE-2022-41946
pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will crea...
Postgresql Postgresql Jdbc Driver 42.5.0
Postgresql Postgresql Jdbc Driver
Debian Debian Linux 10.0
2 Github repositories
8.2
CVSSv3
CVE-2022-39368
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions before 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up counters for throttling, causing the thr...
Eclipse Californium
9.8
CVSSv3
CVE-2022-37617
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.
Browserify-shim Project Browserify-shim 3.8.15
7.5
CVSSv3
CVE-2022-1278
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
Redhat Wildfly
Redhat Single Sign-on 7.0
Redhat Amq 2.0
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Jboss A-mq 7
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Amq Online -