Vulmon
project server vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-4496
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.
Easy Chat Server Project Easy Chat Server
6.1
CVSSv3
CVE-2023-4497
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.
Easy Chat Server Project Easy Chat Server
7.5
CVSSv3
CVE-2017-16036
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Badjs-sourcemap-server Project Badjs-sourcemap-server
7.5
CVSSv3
CVE-2017-16124
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Node-server-forfront Project Node-server-forfront
7.5
CVSSv3
CVE-2017-16210
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Jn Jj Server Project Jn Jj Server
9.8
CVSSv3
CVE-2023-49208
scheme/webauthn.c in Glewlwyd SSO server prior to 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
Glewlwyd Sso Server Project Glewlwyd Sso Server
7.5
CVSSv3
CVE-2020-35857
An issue exists in the trust-dns-server crate prior to 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.
Trust-dns-server Project Trust-dns-server
7.5
CVSSv3
CVE-2023-26104
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Lite-web-server Project Lite-web-server
6.1
CVSSv3
CVE-2024-25715
Glewlwyd SSO server 2.x up to and including 2.7.6 allows open redirection via redirect_uri.
Glewlwyd Sso Server Project Glewlwyd Sso Server
9.8
CVSSv3
CVE-2018-10387
Heap-based overflow vulnerability in TFTP Server SP 1.66 and previous versions allows remote malicious users to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.
Open Tftp Server Project Open Tftp Server