Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-22108
An issue exists in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known v...
Gttb Gtb Central Console 15.17.1-30814.ng
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows malicious user to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contain...
Apache Jackrabbit
9.8
CVSSv3
CVE-2022-26352
An issue exists in the ContentResource API in dotCMS 3.0 up to and including 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage l...
Dotcms Dotcms
9.8
CVSSv3
CVE-2022-22845
QXIP SIPCAPTURE homer-app prior to 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
Qxip Homer Webapp
2 Github repositories
9.8
CVSSv3
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
9.8
CVSSv3
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
9.8
CVSSv3
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage prior to 7.4.9 allow remote malicious users to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
Gespage Gespage
1 EDB exploit
9.8
CVSSv3
CVE-2017-1002000
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
Mobile-friendly-app-builder-by-easytouch Project Mobile-friendly-app-builder-by-easytouch 3.0
1 EDB exploit
9 Github repositories
9.8
CVSSv3
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Mobile-app-builder-by-wappress Project Mobile-app-builder-by-wappress 1.05
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »