Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
k vulnerabilities and exploits
(subscribe to this query)
481
VMScore
CVE-2014-7719
The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Mobile Baseball Manager K 1.13
383
VMScore
CVE-2009-3008
K-Meleon 1.5.3 allows context-dependent malicious users to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
Christophe Thibault K-meleon 1.5.3
383
VMScore
CVE-2017-2103
The LaLa Call App for Android 2.4.7 and previous versions does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
K-opticom Corporation Lala Call
383
VMScore
CVE-2014-3452
Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted .jpg file.
Codecguide K-lite Codec Pack
685
VMScore
CVE-2008-6768
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
Shopsystem-forum K\\&s Shopsoftware
1 EDB exploit
383
VMScore
CVE-2021-37596
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
Telegram Web K Alpha 0.6.1
383
VMScore
CVE-2015-9453
The broken-link-manager plugin prior to 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
K-78 Broken Link Manager
668
VMScore
CVE-2015-9467
The broken-link-manager plugin prior to 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
K-78 Broken Link Manager
435
VMScore
CVE-2008-5072
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote malicious users to cause a denial of service (application crash) via a malformed FLV file.
K-lite Mega Codec Pack 3.5.7.0
1 EDB exploit
1000
VMScore
CVE-2007-6176
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
Amensa-soft K\\+b-bestellsystem 2.3.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »