Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lepton vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-3385
Cross-site scripting (XSS) vulnerability in WebsiteBaker prior to 2.8, as used in LEPTON and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.
Websitebaker2 Websitebaker 2.6.7
Lepton-cms Lepton
Websitebaker2 Websitebaker
5.5
CVSSv3
CVE-2017-8891
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
Dropbox Lepton 1.2.1
6.1
CVSSv3
CVE-2020-12705
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS prior to 4.6.0.
Lepton-cms Leptoncms
5.5
CVSSv3
CVE-2017-7448
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
Dropbox Lepton 1.2.1
7.8
CVSSv3
CVE-2022-26181
Dropbox Lepton v1.2.1-185-g2a08b77 exists to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
Dropbox Lepton 1.2.1
5.5
CVSSv3
CVE-2018-12108
An issue exists in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote malicious users to cause a denial of service (SIGFPE and application crash) via a malformed file.
Dropbox Lepton 1.2.1
7.8
CVSSv3
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing ...
Dropbox Lepton 1.2.1
5.5
CVSSv3
CVE-2018-20820
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows malicious users to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
Dropbox Lepton 1.2.1
7.2
CVSSv3
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated malicious users to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Lepton-cms Leptoncms 7.0.0
6.1
CVSSv3
CVE-2020-24872
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote malicious users to execute arbitrary code.
Lepton-cms Leptoncms 4.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »