Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4174
Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an malicious user to execute malicious Javascript code on the client by injecting that code into the URL.
8.6
CVSSv3
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to cause the device to reload unexpectedly, resulting in a denial of ...
Cisco Adaptive Security Appliance Software 9.16.1
Cisco Adaptive Security Appliance Software 9.8.2
Cisco Adaptive Security Appliance Software 9.8.3.18
Cisco Adaptive Security Appliance Software 9.8.3.26
Cisco Adaptive Security Appliance Software 9.12.2
Cisco Adaptive Security Appliance Software 9.8.2.24
Cisco Adaptive Security Appliance Software 9.8.3.16
Cisco Adaptive Security Appliance Software 9.8.4.29
Cisco Adaptive Security Appliance Software 9.12.2.5
Cisco Adaptive Security Appliance Software 9.12.4.4
Cisco Adaptive Security Appliance Software 9.8.2.20
Cisco Adaptive Security Appliance Software 9.8.4
Cisco Adaptive Security Appliance Software 9.8.4.26
Cisco Adaptive Security Appliance Software 9.14.1.30
Cisco Adaptive Security Appliance Software 9.14.1.15
Cisco Adaptive Security Appliance Software 9.8.2.26
Cisco Adaptive Security Appliance Software 9.8.2.28
Cisco Adaptive Security Appliance Software 9.8.2.33
Cisco Adaptive Security Appliance Software 9.8.2.35
Cisco Adaptive Security Appliance Software 9.8.2.38
Cisco Adaptive Security Appliance Software 9.8.4.8
Cisco Adaptive Security Appliance Software 9.8.4.10
1 Github repository
3 Articles
NA
CVE-2024-28976
Dell Repository Manager, versions before 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privile...
NA
CVE-2024-28977
Dell Repository Manager, versions 3.4.2 up to and including 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesys...
NA
CVE-2024-31841
An issue exists in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated malicious users to read arbitrary files on the filesystem.
NA
CVE-2024-1491
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash...
NA
CVE-2023-6805
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible ...
5.3
CVSSv3
CVE-2024-20991
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Ser...
NA
CVE-2024-1665
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the web UI restricts evaluation creation to paid accounts, the server-side API endpoint '/v1/evaluatio...
NA
CVE-2024-1666
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. A...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »