Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karmainsecurity.com vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
9.8
CVSSv3
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
6.1
CVSSv3
CVE-2018-2699
Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is before 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful ...
Oracle Application Express
9.8
CVSSv3
CVE-2019-18662
An issue exists in YouPHPTube up to and including 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL que...
Youphptube Youphptube
9.8
CVSSv3
CVE-2021-26600
ImpressCMS prior to 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Impresscms Impresscms
7.5
CVSSv3
CVE-2020-13383
openSIS up to and including 7.4 allows Directory Traversal.
Os4ed Opensis
8.8
CVSSv3
CVE-2023-22850
Tiki prior to 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Tiki Tiki
8.8
CVSSv3
CVE-2016-5313
Symantec Web Gateway (SWG) prior to 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
Symantec Web Gateway
9.8
CVSSv3
CVE-2020-13380
openSIS prior to 7.4 allows SQL Injection.
Os4ed Opensis
9.8
CVSSv3
CVE-2020-13381
openSIS up to and including 7.4 allows SQL Injection.
Os4ed Opensis
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »