Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22196
Nginx-UI is an online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default valu...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
NA
CVE-2024-22197
Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API al...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
NA
CVE-2024-22198
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
NA
CVE-2024-23828
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
NA
CVE-2023-34840
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 exists to contain a cross-site scripting (XSS) vulnerability.
Angular-ui-notification Project Angular-ui-notification
1 Github repository
NA
CVE-2023-24525
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of t...
Sap Customer Relationship Management Webclient Ui 7.01
Sap Customer Relationship Management Webclient Ui 7.31
Sap Customer Relationship Management Webclient Ui 7.48
Sap Customer Relationship Management Webclient Ui 8.00
Sap Customer Relationship Management Webclient Ui 8.01
Sap Customer Relationship Management Webclient Ui 7.00
Sap Customer Relationship Management Webclient Ui 7.02
Sap Customer Relationship Management Webclient Ui 7.40
Sap Customer Relationship Management Webclient Ui 7.50
Sap Customer Relationship Management Webclient Ui 7.52
Sap S4fnd 1.02
Sap S4fnd 1.03
383
VMScore
CVE-2018-2364
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Customer Relationship Management Webclient Ui 7.46
Sap Customer Relationship Management Webclient Ui 7.47
Sap Customer Relationship Management Webclient Ui 7.48
Sap Customer Relationship Management Webclient Ui 8.00
Sap Customer Relationship Management Webclient Ui 8.01
Sap Customer Relationship Management Webclient Ui 7.31
Sap Customer Relationship Management Webclient Ui 7.01
Sap S4fnd 1.02
757
VMScore
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote malicious users to perform arbitrary file uploads or execute arbitrary code.
Telerik Ui For Asp.net Ajax 2017.2.503
Telerik Ui For Asp.net Ajax 2017.2.621
Telerik Ui For Asp.net Ajax
1 EDB exploit
7 Github repositories
NA
CVE-2022-3824
The WP Admin UI Customize WordPress plugin prior to 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Wp Admin Ui Customize Project Wp Admin Ui Customize
445
VMScore
CVE-2020-8148
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.
Ui Cloud Key Gen2
Ui Cloud Key Gen2 Plus
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »