Vulmon
spread vulnerabilities and exploits
6.8
CVSSv3
CVE-2022-1739
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the m...
Dominionvoting Imagecast X
Dominionvoting Imagecast X 5.5.10.32
Dominionvoting Imagecast X 5.5.10.30
9.8
CVSSv3
CVE-2020-10269
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and pas...
Aliasrobotics Mir100 Firmware
Aliasrobotics Mir200 Firmware
Aliasrobotics Mir250 Firmware
Aliasrobotics Mir500 Firmware
Aliasrobotics Mir1000 Firmware
Mobile-industrial-robotics Er200 Firmware
Enabled-robotics Er-lite Firmware
Enabled-robotics Er-flex Firmware
Enabled-robotics Er-one Firmware
Uvd-robots Uvd Robots Firmware
6.1
CVSSv3
CVE-2020-26505
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows a malicious user to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow...
Marmind Marmind 4.1.141.0
7.5
CVSSv3
CVE-2022-2309
NULL Pointer Dereference allows malicious users to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 up to and including 2.9.14. libxml2 2.9.9 and previous versions are not affected. It allows triggering crashes thr...
Lxml Lxml
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2020-10270
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and p...
Aliasrobotics Mir100 Firmware
Aliasrobotics Mir200 Firmware
Aliasrobotics Mir250 Firmware
Aliasrobotics Mir500 Firmware
Aliasrobotics Mir1000 Firmware
Mobile-industrial-robotics Er200 Firmware
Enabled-robotics Er-lite Firmware
Enabled-robotics Er-flex Firmware
Enabled-robotics Er-one Firmware
Uvd-robots Uvd Robots Firmware
9
CVSSv3
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug templ...
Pugjs Pug
Pugjs Pug-code-gen
4.8
CVSSv3
CVE-2016-7168
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress prior to 4.6.1 might allow remote malicious users to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a c...
Wordpress Wordpress
11 Github repositories
NA
CVE-2003-0284
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote malicious users to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
Adobe Acrobat 5.0
NA
CVE-2005-1790
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and previous versions, allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched...
Microsoft Internet Explorer 6.0.2900.2180
Microsoft Internet Explorer 6.0.2800.1106
1 EDB exploit
9.8
CVSSv3
CVE-2019-0708
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulne...
Microsoft Windows Vista -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 -
Microsoft Windows Xp -
Microsoft Windows Server 2003 -
Microsoft Windows Server 2003 R2
Microsoft Windows 7 -
5 EDB exploits
2 Metasploit modules
172 Github repositories
10 Articles