Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kc vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-4406
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: up to and including 20231123. NOTE: The vendor was contacted early about this ...
Kc Group E-commerce Software Project Kc Group E-commerce Software
5.9
CVSSv3
CVE-2017-9574
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain s...
Meafinancial Kc Area Credit Union Mobile Banking 3.0.1
NA
CVE-2008-1170
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote malicious users to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
Kcwiki Kcwiki 1.0
2 EDB exploits
6.1
CVSSv3
CVE-2019-9910
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
King-theme Kingcomposer 2.7.6
6.1
CVSSv3
CVE-2020-15299
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin up to and including 2.9.4 for WordPress allows remote malicious users to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-pre...
King-theme Kingcomposer
NA
CVE-2023-6717
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one real...
NA
CVE-2005-0513
PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote malicious users to execute arbitrary PHP code by directly requesting mail_autocheck.php and modify...
Pmachine Pmachine Pro 2.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started