Vulmon
prominent vulnerabilities and exploits
NA
CVE-2023-40590
GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo that has a `gi...
Gitpython Project Gitpython
2 Github repositories
NA
CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows malicious users to in...
Typo3 Typo3
NA
CVE-2022-39384
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted no...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
5
CVSSv2
CVE-2021-46320
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-ex...
Openzeppelin Openzeppelin
6.8
CVSSv2
CVE-2020-29509
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows a malicious user to craft inputs that behave in conflicting ways during different stages of processing in affecte...
Golang Go
Netapp Trident -
6.8
CVSSv2
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and previous versions does not correctly preserve the semantics of directives during tokenization round-trips, which allows a malicious user to craft inputs that behave in conflicting ways during different stages of processing in affe...
Golang Go
Netapp Trident -
6.8
CVSSv2
CVE-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows a malicious user to craft inputs that behave in conflicting ways during different stages of processing in affected ...
Golang Go
Netapp Trident -
6.8
CVSSv2
CVE-2017-14007
An Insufficient Session Expiration issue exists in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing a malicious user to reuse an old session for authorization.
Prominent Multiflex M10a Controller Firmware
6.8
CVSSv2
CVE-2017-14011
A Cross-Site Request Forgery issue exists in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow a malicious user to execute unauthorized code, resulting in ...
Prominent Multiflex M10a Controller Firmware
6.8
CVSSv2
CVE-2017-14013
A Client-Side Enforcement of Server-Side Security issue exists in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow a malicious user to bypass protection mechanisms, ...
Prominent Multiflex M10a Controller Firmware