Vulmon
key vulnerabilities and exploits
1000
VMScore
CVE-2022-0543
Redis, a persistent key-value database, is prone to a (Debian-specific) Lua sandbox escape due to a packaging issue, which could result in remote code execution.
Redis Redis -
1 Metasploit module
10 Github repositories
1000
VMScore
CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019...
Apache Tapestry
1 Metasploit module
3 Github repositories
1000
VMScore
CVE-2018-16158
Eaton Power Xpert Meter 4000, 6000, and 8000 devices prior to 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote malicious users to perform SSH logins (to uid 0) ...
Eaton Power Xpert Meter 4000 Firmware
Eaton Power Xpert Meter 6000 Firmware
Eaton Power Xpert Meter 8000 Firmware
1000
VMScore
CVE-2017-18001
Trustwave Secure Web Gateway (SWG) up to and including 11.8.0.27 allows remote malicious users to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Trustwave Secure Web Gateway
1 EDB exploit
1000
VMScore
CVE-2017-3195
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.
Commvault Edge 11.0.0
1 EDB exploit
1000
VMScore
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
1000
VMScore
CVE-2014-8687
Seagate Business NAS devices with firmware prior to 2015.00322 allow remote malicious users to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
Seagate Business Nas Firmware 2014.00319
2 EDB exploits
1 Github repository
2 Articles
1000
VMScore
CVE-2016-1560
ExaGrid appliances with firmware prior to 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote malicious users to obtain administrative access via an SSH or HTTP session.
Exagrid Ex3000 Firmware 4.8
Exagrid Ex5000 Firmware 4.8
Exagrid Ex7000 Firmware 4.8
Exagrid Ex10000e Firmware 4.8
Exagrid Ex13000e Firmware 4.8
Exagrid Ex21000e Firmware 4.8
Exagrid Ex32000e Firmware 4.8
Exagrid Ex40000e Firmware 4.8
1 EDB exploit
1000
VMScore
CVE-2016-7456
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote malicious users to obtain login access via an SSH session.
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 5.5.5
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 5.5.1
Vmware Vsphere Data Protection 5.8.0
Vmware Vsphere Data Protection 5.8.1
Vmware Vsphere Data Protection 5.8.2
Vmware Vsphere Data Protection 5.8.3
Vmware Vsphere Data Protection 5.8.4
Vmware Vsphere Data Protection 6.1.0
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.10
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 5.5.9
Vmware Vsphere Data Protection 5.5.11
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.0.3
1000
VMScore
CVE-2016-1287
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software prior to 8.4(7.30), 8.7 prior to 8.7(1.18), 9.0 prior to 9.0(4.38), 9.1 prior to 9.1(7), 9.2 prior to 9.2(4.5), 9.3 prior to 9.3(3.7), 9.4 prior to 9.4(2.4), and 9.5 prior to 9.5(2.2) on ASA 5500 devices...
Cisco Adaptive Security Appliance Software 9.3.2
Cisco Adaptive Security Appliance Software 9.1.1.4
Cisco Adaptive Security Appliance Software 9.1.4
Cisco Adaptive Security Appliance Software 8.6.1.12
Cisco Adaptive Security Appliance Software 9.2.2.7
Cisco Adaptive Security Appliance Software 9.1.5.21
Cisco Adaptive Security Appliance Software 9.1.3
Cisco Adaptive Security Appliance Software 9.1.2
Cisco Adaptive Security Appliance Software 9.2.3
Cisco Adaptive Security Appliance Software 9.3.1.1
Cisco Adaptive Security Appliance Software 9.1.1
Cisco Adaptive Security Appliance Software 9.2.2.8
Cisco Adaptive Security Appliance Software 9.3.1
Cisco Adaptive Security Appliance Software 9.1.2.8
Cisco Adaptive Security Appliance Software 9.1.5.15
Cisco Adaptive Security Appliance Software 9.1.5.10
Cisco Adaptive Security Appliance Software 9.2.1
Cisco Adaptive Security Appliance Software 9.3.2.2
Cisco Adaptive Security Appliance Software 9.1.5
Cisco Adaptive Security Appliance Software 9.2.2.4
Cisco Adaptive Security Appliance Software 9.1.5.12
Cisco Adaptive Security Appliance Software 9.1.3.2
1 EDB exploit
7 Github repositories