Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wire vulnerabilities and exploits
(subscribe to this query)
5.7
CVSSv3
CVE-2021-41101
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XS...
Wire Wire Server
7.5
CVSSv3
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a...
Wire Wire-server
8.1
CVSSv3
CVE-2022-31122
Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all...
Wire Wire Server
6.5
CVSSv3
CVE-2021-21396
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoint could be used by any logged...
Wire Wire Server
8.1
CVSSv3
CVE-2022-23610
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without S...
Wire Wire-server
9.8
CVSSv3
CVE-2021-41193
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions before 7.1.12 allows an malicious user to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs ...
Wire Wire-audio Video Signaling
9.1
CVSSv3
CVE-2021-29508
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializ...
Asynkron Wire
9.6
CVSSv3
CVE-2021-21382
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://gi...
Wire Restund
8.8
CVSSv3
CVE-2023-48221
wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an malicious user to cause a denial of service or possibly execute arbitrar...
Wire Audio\\, Video\\, And Signaling
NA
CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
Wire Plastic Design Wpquiz 2.7
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »