Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nu11secur1ty vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-29849
Bang Resto 1.0 exists to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
Hockeycomputindo Bang Resto 1.0
4.8
CVSSv3
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Concretecms Concrete Cms
9.8
CVSSv3
CVE-2021-26201
The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.
Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0
7.8
CVSSv3
CVE-2021-0527
In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroi...
Google Android -
5.4
CVSSv3
CVE-2021-35501
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
Pandorafms Pandora Fms
5.4
CVSSv3
CVE-2021-38138
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
Onenav Onenav 0.9.12
6.1
CVSSv3
CVE-2021-38757
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
Hospital Management System Project Hospital Management System -
5.4
CVSSv3
CVE-2021-38152
index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
Chikitsa Patient Management System 2.0.0
4.8
CVSSv3
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Pluxml Pluxml 5.8.7
1 Github repository
9.8
CVSSv3
CVE-2022-28452
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.
Redplanetcomputers Laundry Management System 1.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »