Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
site server vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-38490
Kirby is a content management system. A vulnerability in versions before 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The...
Getkirby Kirby
10
CVSSv3
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering delet...
Typo3 Typo3
9.9
CVSSv3
CVE-2015-7926
eWON devices with firmware prior to 10.1s0 omit RBAC for I/O server information and status requests, which allows remote malicious users to obtain sensitive information via an unspecified URL.
Ewon Ewon Firmware
9.8
CVSSv3
CVE-2024-4393
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticate...
9.8
CVSSv3
CVE-2024-22212
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an malicious user to authenticate as another user. It is recommended that the Nextcloud...
Nextcloud Global Site Selector
9.8
CVSSv3
CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability exists in Hospital Management System V4.0 which allows an unauthenticated malicious user to upload any file to the server.
Phpgurukul Hospital Management System 4.0
9.8
CVSSv3
CVE-2018-25095
The Duplicator WordPress plugin prior to 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
Snapcreek Duplicator
1 Github repository
9.8
CVSSv3
CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated malicious user to reset Confluence and create a Confluence instance administrator account. Using this account, an ...
Atlassian Confluence Data Center
Atlassian Confluence Data Center 8.6.0
Atlassian Confluence Server
Atlassian Confluence Server 8.6.0
1 Metasploit module
11 Github repositories
4 Articles
9.8
CVSSv3
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts ...
Atlassian Confluence Server
Atlassian Confluence Data Center
1 Metasploit module
35 Github repositories
5 Articles
9.8
CVSSv3
CVE-2023-4491
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an malicious user to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on...
Easy Address Book Web Server Project Easy Address Book Web Server 1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »