Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rcesecurity.com vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-29459
The laola.redbull application up to and including 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus...
Redbull Fc Red Bull Salzburg
NA
CVE-2023-294592
FC Red Bull Salzburg App versions 5.1.9-R and below suffer from an improper authorization vulnerability.
NA
CVE-2023-294592023
FC Red Bull Salzburg App versions 5.1.9-R and below suffer from an improper authorization vulnerability.
NA
CVE-2023-226202
SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
NA
CVE-2023-226202023
SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
NA
CVE-2023-228972
SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
NA
CVE-2023-228972023
SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
7.5
CVSSv3
CVE-2023-22620
An issue exists in SecurePoint UTM prior to 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrat...
Securepoint Unified Threat Management
1 Github repository
6.5
CVSSv3
CVE-2023-22897
An issue exists in SecurePoint UTM prior to 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obta...
Securepoint Unified Threat Management
NA
CVE-2023-02912
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »