Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
application express vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-0215
Microsoft Outlook Express 5.5 and 6 allows malicious users to cause a denial of service (application crash) via a malformed e-mail header.
Microsoft Outlook Express 6.0
Avaya Definity One Media Server
Avaya Ip600 Media Servers
Avaya S8100
Avaya Modular Messaging Message Storage Server S3400
NA
CVE-2013-1168
The web server in Cisco Unified MeetingPlace Application Server 7.x prior to 7.1MR1 Patch 2, 8.0 prior to 8.0MR1 Patch 1, and 8.5 prior to 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote malicious users to hijack sessions by lev...
Cisco Unified Meetingplace 7.0.2
Cisco Unified Meetingplace 7.0
Cisco Unified Meetingplace 7.0.3
Cisco Unified Meetingplace 7.1
Cisco Unified Meetingplace 7.0.1
Cisco Unified Meetingplace 8.0
Cisco Unified Meetingplace 8.5
Cisco Unified Meetingplace 8.5.1
Cisco Unified Meetingplace 8.5.2
Cisco Unified Meetingplace 8.5.3
7.8
CVSSv3
CVE-2017-12261
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local malicious user to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the...
Cisco Identity Services Engine 1.4
Cisco Identity Services Engine 2.0
Cisco Identity Services Engine 2.0.1
Cisco Identity Services Engine 2.1.0
Cisco Identity Services Engine Express 2.0
Cisco Identity Services Engine Express 2.0.1
Cisco Identity Services Engine Express 2.1.0
Cisco Identity Services Engine Express 1.4
Cisco Identity Services Engine Virtual Appliance 2.0
Cisco Identity Services Engine Virtual Appliance 2.1.0
Cisco Identity Services Engine Virtual Appliance 1.4
Cisco Identity Services Engine Virtual Appliance 2.0.1
9.8
CVSSv3
CVE-2021-43935
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resultin...
Baxter Welch Allyn Connex Cardio
Baxter Welch Allyn Diagnostic Cardiology Suite 2.1.0
Baxter Welch Allyn Rscribe Resting Ecg System
Baxter Welch Allyn Vision Express Holter Analysis System
Baxter Welch Allyn Hscribe Holter Analysis System Firmware
Baxter Welch Allyn Q-stress Cardiac Stress Testing System Firmware
Baxter Welch Allyn Xscribe Cardiac Stress Testing System Firmware
NA
CVE-2009-1520
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 up to and including 5.1.8.2, 5.2.0.0 up to and including 5.2.5.3, 5.3.0.0 up to and including 5.3.6.4, 5.4.0.0 up to and including 5.4.2.6, and 5.5.0.0 up to and including 5.5.1.17 allows malici...
Ibm Tivoli Storage Manager Client 5.2
Ibm Tivoli Storage Manager Client 5.2.5.1
Ibm Tivoli Storage Manager Client 5.3.6.3
Ibm Tivoli Storage Manager Client 5.4
Ibm Tivoli Storage Manager Client 5.1.8.0
Ibm Tivoli Storage Manager Client 5.1.8.2
Ibm Tivoli Storage Manager Client 5.3.5.3
Ibm Tivoli Storage Manager Client 5.3.6.4
Ibm Tivoli Storage Manager Express 5.3.3.0
Ibm Tivoli Storage Manager Express 5.3.6.4
Ibm Tivoli Storage Manager Client 5.1
Ibm Tivoli Storage Manager Client 5.3
Ibm Tivoli Storage Manager Client 5.3.5.2
Ibm Tivoli Storage Manager Client 5.4.1.2
Ibm Tivoli Storage Manager Express 5.3
Ibm Tivoli Storage Manager Client 5.2.5.2
Ibm Tivoli Storage Manager Client 5.2.5.3
Ibm Tivoli Storage Manager Client 5.4.1.1
Ibm Tivoli Storage Manager Client 5.4.1.96
6.1
CVSSv3
CVE-2016-1318
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote malicious users to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
Cisco Application Policy Infrastructure Controller Enterprise Module 1.1 Base
6.1
CVSSv3
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI prior to 1.12.0 might allow remote malicious users to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Jqueryui Jquery Ui
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Hospitality Cruise Fleet Management 9.0.11
Oracle Application Express
Oracle Primavera Unifier
Oracle Siebel Ui Framework
Oracle Oss Support Tools
Oracle Oss Support Tools 2.12.42
Fedoraproject Fedora 30
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Snapcenter -
Redhat Openstack 7.0
Redhat Openstack 9
Redhat Openstack 8
Juniper Junos 21.2
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 prior to 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
Ckeditor Ckeditor
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Express
Oracle Banking Party Management 2.7.0
Oracle Commerce Merchandising 11.1.0
Oracle Commerce Merchandising 11.2.0
Oracle Commerce Merchandising
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Infrastructure 8.1.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Financial Services Model Management And Governance
Oracle Jd Edwards Enterpriseone Tools
Oracle Siebel Ui Framework
Oracle Webcenter Sites 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.4.0
7.5
CVSSv3
CVE-2016-1347
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 up to and including 15.5 allows remote malicious users to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
Cisco Ios 15.2\\(4\\)m7
Cisco Ios 15.4\\(3\\)m2
Cisco Ios 15.4\\(2\\)t1
Cisco Ios 15.4\\(1\\)t2
Cisco Ios 15.1\\(4\\)gc2
Cisco Ios 15.4\\(2\\)t2
Cisco Ios 15.5\\(2\\)t3
Cisco Ios 15.4\\(3\\)m3
Cisco Ios 15.4\\(2\\)t3
Cisco Ios 15.5\\(3\\)m
Cisco Ios 15.5\\(2\\)t1
Cisco Ios 15.5\\(2\\)t2
Cisco Ios 15.4\\(3\\)m
Cisco Ios 15.4\\(3\\)m1
Cisco Ios 15.4\\(2\\)t
Cisco Ios 15.4\\(2\\)t4
Cisco Ios 15.4\\(1\\)t
Cisco Ios 15.4\\(1\\)t1
Cisco Ios 15.3\\(3\\)m3
Cisco Ios 15.3\\(3\\)m4
Cisco Ios 15.3\\(3\\)m6
Cisco Ios 15.3\\(3\\)m
5.4
CVSSv3
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, w...
Ckeditor Ckeditor
Drupal Drupal
Oracle Webcenter Portal 12.2.1.3.0
Oracle Agile Product Lifecycle Management 9.3.6
Oracle Banking Digital Experience 19.1
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience
Oracle Application Express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »