Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
k vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-7873
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the malicious user to cause a arbitrary file download and execution.
Ksystem K-system Wellcomm 1.1
Ksystem K-system Wellcomm 4.0
NA
CVE-2008-3580
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
Qsoft K-links
1 EDB exploit
NA
CVE-1999-0735
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
Kde K-mail
1 EDB exploit
NA
CVE-2008-3581
Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote malicious users to inject arbitrary web script or HTML via the login_message parameter in a login action.
Qsoft K-links
1 EDB exploit
7.5
CVSSv3
CVE-2019-16161
Onigmo up to and including 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
K-takata Onigmo
7.5
CVSSv3
CVE-2019-16162
Onigmo up to and including 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c.
K-takata Onigmo
9.8
CVSSv3
CVE-2018-17932
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow malicious users to replay commands, control the device, view commands, or cause the device to stop running.
Juuko K-800 Firmware -
9.8
CVSSv3
CVE-2018-19025
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
Juuko K-808 Firmware -
9.8
CVSSv3
CVE-2014-7279
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote malicious users to obtain "equipment management authority" via TCP traffic to port 23.
Kankunit Konke Smart Plug Firmware K
1 EDB exploit
10
CVSSv3
CVE-2018-1000831
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the r...
K9mail K-9 Mail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »