Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
viewpoint vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10054
H2 1.4.197, as used in Datomic prior to 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
H2database H2 1.4.197
Cognitect Datomic
2 Github repositories
7.5
CVSSv3
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway before 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
Konghq Kong Gateway
5.4
CVSSv3
CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not proper...
Grafana Grafana
8.8
CVSSv3
CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s se...
Grafana Grafana
Grafana Grafana 8.3.0
5.4
CVSSv3
CVE-2022-23552
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files ...
Grafana Grafana
5.9
CVSSv3
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x up to and including 3.12.0 allows man-in-the-middle malicious users to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider t...
Squareup Okhttp
5.3
CVSSv3
CVE-2020-29582
In JetBrains Kotlin prior to 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Jetbrains Kotlin
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
5.3
CVSSv3
CVE-2022-24329
In JetBrains Kotlin prior to 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Jetbrains Kotlin
Oracle Communications Pricing Design Center 12.0.0.4
Oracle Communications Pricing Design Center 12.0.0.5
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
7.5
CVSSv3
CVE-2019-5232
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.
Huawei Vp9630 Firmware V500r002c00
Huawei Vp9630 Firmware V500r002c10
Huawei Vp9650 Firmware V500r002c00
Huawei Vp9650 Firmware V500r002c10
Huawei Vp9660 Firmware V500r002c00
Huawei Vp9660 Firmware V500r002c10
6.6
CVSSv3
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions before 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana i...
Grafana Grafana
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »