secret vulnerabilities and exploits
NA
CVE-2007-5034
ELinks prior to 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote malicious users to sniff sensitive data that would have been protected by TLS. NOTE: this issue ...
Elinks Elinks
7.4
CVSSv3
CVE-2018-1000089
Anymail django-anymail version 0.2 up to and including 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can allow an attacker with access to error logs to fabricate email tracking events. This attack appears to be exploitable...
Django-anymail Project Django-anymail
NA
CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator prior to 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different v...
Google Authenticator 0.87
Google Authenticator 0.86
Google Authenticator
4.8
CVSSv3
CVE-2020-12618
eM Client prior to 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle malicious user to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be ...
Emclient Em Client
2 Articles
5.9
CVSSv3
CVE-2020-12619
MailMate prior to 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle malicious user to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be imperson...
Freron Mailmate
2 Articles
6.5
CVSSv3
CVE-2020-11879
An issue exists in GNOME Evolution prior to 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warn...
Gnome Evolution
2 Articles
6.5
CVSSv3
CVE-2020-4089
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL No...
Hcltech Notes 9.0
Hcltech Notes 10.0
Hcltech Notes 11.0
2 Articles
NA
CVE-2023-37321
D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not requir...
6.5
CVSSv3
CVE-2020-11880
An issue exists in KDE KMail prior to 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demon...
Kde Kmail
2 Articles
7.5
CVSSv3
CVE-2015-7945
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti prior to 2.9.7, 2.10.x prior to 2.10.8, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.6, 2.13.x prior to 2.13.3, 2.14.x prior to 2.14.2, and 2.15.x prior to 2.15.2 allows remote malicious users to obtain the DRBD se...
Spi-inc Ganeti 2.15.0
Spi-inc Ganeti 2.13.1
Spi-inc Ganeti 2.13.2
Spi-inc Ganeti 2.12.4
Spi-inc Ganeti 2.12.5
Spi-inc Ganeti 2.10.0
Spi-inc Ganeti 2.10.7
Spi-inc Ganeti 2.11.0
Spi-inc Ganeti 2.11.5
Spi-inc Ganeti 2.11.6
Spi-inc Ganeti 2.14.1
Spi-inc Ganeti 2.14.0
Spi-inc Ganeti 2.13.0
Spi-inc Ganeti 2.12.1
Spi-inc Ganeti 2.12.0
Spi-inc Ganeti 2.10.2
Spi-inc Ganeti 2.10.3
Spi-inc Ganeti 2.10.4
Spi-inc Ganeti 2.11.1
Spi-inc Ganeti 2.11.2
Spi-inc Ganeti 2.12.2
Spi-inc Ganeti 2.12.3
1 EDB exploit