Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project 2016 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-11023
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
Odata4j Project Odata4j 0.7
9.8
CVSSv3
CVE-2016-11024
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
Odata4j Project Odata4j 0.7
7.5
CVSSv3
CVE-2015-8851
node-uuid prior to 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for malicious users to have unspecified impact via brute force guessing.
Node-uuid Project Node-uuid
1 Github repository
9.8
CVSSv3
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
8.8
CVSSv3
CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineer...
Csrf Magic Project Csrf Magic
4.4
CVSSv3
CVE-2016-1000236
Node-cookie-signature prior to 1.0.6 is affected by a timing attack due to the type of comparison used.
Cookie-signature Project Cookie-signature
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2005-4890
There is a possible tty hijacking in shadow 4.x prior to 4.1.5 and sudo 1.x prior to 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next proces...
Debian Shadow
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 5
Redhat Enterprise Linux 4
Redhat Enterprise Linux 6.0
2 Github repositories
7.5
CVSSv3
CVE-2018-5732
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affe...
Isc Dhcp 4.1-esv
Isc Dhcp
Isc Dhcp 4.1.2
Isc Dhcp 4.4.0
6.1
CVSSv3
CVE-2016-10994
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.
Truemag Theme Project Truemag Theme 2016 Q2
7.5
CVSSv3
CVE-2016-10991
The imdb-widget plugin prior to 1.0.9 for WordPress has Local File Inclusion.
Imdb-widget Project Imdb-widget
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »