Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redteam-pentesting.de vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-1854
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote malicious user to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An at...
Cisco Telepresence Video Communication Server X8.11.4
5.3
CVSSv3
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
Rws Worldserver
9.8
CVSSv3
CVE-2022-23178
An issue exists on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document wi...
Crestron Hd-md4x2-4k-e Firmware 1.0.0.2159
1 Github repository
NA
CVE-2014-8874
The ke_questionnaire extension 2.5.2 and previous versions for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote malicious users to obtain sensitive information via a direct request.
Kennziffer Ke Questionnaire
6.1
CVSSv3
CVE-2023-0214
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x before 11.2.6, 10.x before 10.2.17, and controlled release 12.x before 12.0.1 allows a remote malicious user to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitr...
Trellix Skyhigh Secure Web Gateway 12.0.0
Trellix Skyhigh Secure Web Gateway
7.5
CVSSv3
CVE-2019-13549
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning...
Carel Pcoweb Firmware
9.8
CVSSv3
CVE-2019-13553
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow malicious users to influence the primary operations of...
Carel Pcoweb Firmware
6.1
CVSSv3
CVE-2020-24553
Go prior to 1.14.8 and 1.15.x prior to 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
Golang Go
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
Oracle Communications Cloud Native Core Policy 1.5.0
7.5
CVSSv3
CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be prior to 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.0...
Zkteco Zmm200 Firmware
Zkteco Zmm210 Firmware
Zkteco Zmm220 Firmware
Zkteco Zem720 Firmware
Zkteco Zem600 Firmware
Zkteco Zem800 Firmware
Zkteco Zem510 Firmware
Zkteco Zem560 Firmware
Zkteco Zem760 Firmware
Zkteco Zem500 Firmware
7.5
CVSSv3
CVE-2021-40856
Auerswald COMfortel 1400 IP and 2600 IP prior to 2.8G devices allow Authentication Bypass via the /about/../ substring.
Auerswald Comfortel 3600 Ip Firmware
Auerswald Comfortel 2600 Ip Firmware
Auerswald Comfortel 1400 Ip Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »