Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2024-20253
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote malicious user to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is...
Cisco Unified Communications Manager
Cisco Unified Communications Manager Im And Presence Service
Cisco Unity Connection
Cisco Unified Contact Center Express 12.5\\(1\\)
Cisco Virtualized Voice Browser 12.6\\(2\\)
Cisco Virtualized Voice Browser 12.6\\(1\\)
Cisco Virtualized Voice Browser 12.5\\(1\\)
10
CVSSv3
CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previou...
Cisco Ios Xe
3 Metasploit modules
35 Github repositories
1 Article
10
CVSSv3
CVE-2023-4260
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
Zephyrproject Zephyr
10
CVSSv3
CVE-2023-4262
Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled
Zephyrproject Zephyr
10
CVSSv3
CVE-2023-37903
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows malicious users to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code ex...
Vm2 Project Vm2
1 Github repository
10
CVSSv3
CVE-2023-37466
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@speci...
Vm2 Project Vm2
1 Github repository
10
CVSSv3
CVE-2023-32314
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat acto...
Vm2 Project Vm2
3 Github repositories
10
CVSSv3
CVE-2021-33975
Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows malicious user to escalate privileges.
Browser.360 Safe Browser 13.0.2170.0
10
CVSSv3
CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing malicious users to raise an unsanitized host exception inside `handleException()` which ca...
Vm2 Project Vm2
6 Github repositories
10
CVSSv3
CVE-2023-29199
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing malicious users to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in h...
Vm2 Project Vm2
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »