Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29183
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an malicious user to execute arbitrary javascript ...
9.8
CVSSv3
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000...
Mitsubishielectric Fr Configurator2
Mitsubishielectric Mt Works2
Mitsubishielectric Gx Works3
Mitsubishielectric Mc Works64
Mitsubishielectric Mx Component
Mitsubishielectric Melsoft Navigator
Mitsubishielectric Gx Works2
Mitsubishielectric Got2000
Mitsubishielectric Got1000
Mitsubishielectric Ezsocket
9.8
CVSSv3
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into a...
Github Enterprise Server
6.5
CVSSv3
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an malicious user to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and syst...
Freeipa Freeipa
Freeipa Freeipa 4.11.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
6.1
CVSSv3
CVE-2023-50250
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability exists in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_...
Cacti Cacti 1.2.25
5.4
CVSSv3
CVE-2023-2267
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an malicious user to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
Selinc Sel-411l Firmware
Selinc Sel-411l Firmware R128-v0
Selinc Sel-411l Firmware R129-v0
7.5
CVSSv3
CVE-2021-33959
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
Plex Media Server
1 Github repository
7.5
CVSSv3
CVE-2021-36630
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote malicious users to perform DOS attacks via crafted request.
Ruckuswireless Sz-300 Firmware
Ruckuswireless Sz-144 Firmware
Ruckuswireless Sz-100 Firmware
Ruckuswireless Vsz Firmware
1 Github repository
8
CVSSv3
CVE-2023-21745
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
1 Article
6.1
CVSSv3
CVE-2022-37724
Project Wonder WebObjects 1.0 up to and including 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.
Apple Webobjects
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »