CVE-2023-4863

Published: 12/09/2023 Updated: 07/01/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Vulnerable Product

google chrome

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

mozilla firefox

mozilla thunderbird

mozilla firefox esr

microsoft edge

webmproject libwebp

Vendor Advisories

Debian Bug report logs - #1051787 Subject: CVE-2023-4863: Heap buffer overflow in WebP Package: libwebp; Maintainer for libwebp is Jeff Breidenbach <jab@debianorg>; Reported by: Jeffrey Cliff <jeffreycliff@gmailcom> Date: Tue, 12 Sep 2023 15:15:01 UTC Severity: grave Tags: security Merged with 1051786 Reply ...
Synopsis Important: Migration Toolkit for Containers (MTC) 180 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 180 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 621 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis Important: Logging Subsystem 577 - Red Hat OpenShift security update Type/Severity Security Advisory: Important Topic Logging Subsystem 577 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Synopsis Important: Logging Subsystem 5612 - Red Hat OpenShift security update Type/Severity Security Advisory: Important Topic Logging Subsystem 5612 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis Moderate: Migration Toolkit for Containers (MTC) 1713 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 1713 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 1:102151-1~deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 1:102151-1~deb12u1. We recommend that you upgrade your thunderbird packages ...
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 061-21+deb11u2. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: security-t ...
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the stable distribution (bookworm), this problem has been fixed in version 124-02+deb12u1. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: security-trac ...
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 102151esr-1~deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 102151esr-1~deb12u1. We recommend that you upgrade your firefox-esr packages ...
Mozilla Foundation Security Advisory 2023-40 Security Vulnerability fixed in Firefox 11701, Firefox ESR 11521, Firefox ESR 102151, Thunderbird 102151, and Thunderbird 11522 Announced September 12, 2023 Impact critical Products Firefox 117 ...
Description: A vulnerability was found in libwebp. Following security issue located within the "BuildHuffmanTable" function, which serves the purpose of data accuracy verification. The vulnerability arises when the function allocates additional memory if the existing table size is insufficient for valid data. In practical security issue occurs ...
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) ...
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function alloca ...
Cloud Software Group will continue to update this post as additional information becomes available ...
Check Point Reference: CPAI-2023-1129 Date Published: 12 Nov 2023 Severity: High ...
The Chrome team is delighted to announce the promotion of Chrome 117 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 1170593862 (Linux and Mac), 1170593862/63 (Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming ...
The Stable and Extended stable channels have been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. The Extended Stable channel has been updated to 116.0.5845.188 for Windows and 116.0.5845.187 for Mac, which wi ...
The Stable channel is being updated to OS version: 15572500 Browser version: 11705938115 for most ChromeOS devices. If you find new issues, please let us know one of the following ways: File a bug. Visit our ChromeOS communities. General: Chromebook Help Community. Beta Specific: ChromeOS Beta Help Community. Report an issue ...
LTS-108 is being updated in the LTS channel to 10805359243 (Platform Version: 151831060) for most ChromeOS devices. Want to know more about Long Term Support? Click here. This update contains multiple Security fixes, including: 1479274 High CVE-2023-4863 Heap buffer overflow in Web; 1472492 High CVE-202 ...
The Long Term Support Candidate has been promoted to ChromeOS LTS 114 and is rolling out to most ChromeOS devices. The current version is 11405735334 (Platform Version: 15437700). If you are currently on the ChromeOS Long Term Support (LTS) channel (and not pinned to 108), your devices will automatically update from ChromeOS LTS ...

Github Repositories

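Awesome Fuzzing Resources A record of some fuzzing tools and papers. Many people have probably seen github.com/secfigo/Awesome-Fuzzing, and I have submitted some Pull Requests to it myself, but I feel the author does not maintain it very diligently: there is a lot of outdated information, new information is not added in time, and the overall structure is messy. Also, many papers are too vague on details and not open source, so they have no real reference value, and there is no need to waste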

CVE-2023-4683 - Test

CVE-2023-4683-Test This repo holds an easy to use POC for CVE-2023-4683 Just git clone this repo and either extract webp-test or run setup-webp-testsh webp-test already has the necessary files (git commit 7ba44f80f3b94fc0138db159afea770ef06532a0 of chromium.googlesource.com/webm/libwebp/), and a specially crafted badwebp and badwebppng files located in the webp_te

CVE-2023-4863
# checkout webp
git clone https://chromium.googlesource.com/webm/libwebp/ webp_test
cd webp_test/
# checkout vulnerable version
git checkout 7ba44f80f3b94fc0138db159afea770ef06532a0
# enable AddressSanitizer
sed -i 's/^EXTRA_FLAGS=*/& -fsanitize=address/' makefile.unix
# build webp
make -f makefile.unix
cd examples/
# fetch mistymntnco

SVG Images with XSS in them

naughty images SVG Images with XSS in them A collection of SVG XSS samples I created, found or recreated Some of them may not work 0x are pure xss 1x require user interaction 2x are DOS 3x are other shenanigans CVE-2023-4863 PoC copy blog.isosceles.com/the-webp-0day/ webp/ contains a copy of the PoC webp out-of-bound write Unfortunately it doesn't have an exp

Experimental Wheels for Python for Windows on ARM64

Experimental Wheels for Python for Windows on ARM64 This repository provides experimental binary wheels for open-source extension packages for Python for Windows on ARM64 The files are experimental (meaning: unofficial, informal, unrecognized, unsupported, no warranty, no liability, provided "as is") and made available for testing and evaluation purposes They are no

Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863/ CVE-2023-5129

Find-VulnerableElectronVersion Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863/ CVE-2023-5129 using the Sysinternals tool Strings. Only supported on Windows devices. Requires Sysinternals to be installed: learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite Example syntax:

Find Electron Apps Vulnerable to CVE-2023-4863 / CVE-2023-5129

Find Electron Apps Vulnerable to CVE-2023-4863 / CVE-2023-5129 This PowerShell script downloads Sysinternals Strings, recursively searches for strings within all exe files across all drives, and compares the Electron version found with known patched versions below to determine vulnerability to CVE-2023-4863 / CVE-2023-5129 Note: The script downloads stringszip to C:\Windows

BAD-WEBP-CVE-2023-4863

GlideWebpDecoder A port version of github.com/zjupure/GlideWebpDecoder which uses libwebp version 1.3.2 code to fix CVE-2023-4863 implementation 'comgithubtougee:GlideWebpDecoder:001'

A tool for finding vulnerable libwebp(CVE-2023-4863)

CVE-2023-4863 libwebp dependency check tools This tool checks if your server's application or process that is affected by CVE-2023-4863 libwebp Heap buffer overflow (Version above 050) Run this script in your production environment carefully

CVE-2023-4863/CVE-2023-41064 A POC for CVE-2023-4863 NOT an exploit Shout to @benhawkes who discovered the right set of code_lengths to trigger this vulnerability! Please consult Ben's blog post for more information! blog.isosceles.com/the-webp-0day/

Triggering the famous libweb 0day vuln with libfuzzer

CVE-2023-4863 Triggering the famous libweb 0day vuln with libfuzzer Note : This is not a standard / stable harness yet!

libwebp CVE-2023-4863 A Vulnerability to Hack The World - CVE-2023-4863 Finding The webp Vulnerability in 8s (Fuzzing with AFL++)

C implementation of libwebp 0-click vulnerability

CVE-2023-4863-POC C implementation of libwebp 0-click vulnerability

A PowerShell module for querying the National Vulnerability Database

PoshCVE A PowerShell module for querying the National Vulnerability Database Search for CVEs by ID, vendor, product, and more Installation Install from the Powershell Gallery by running the following command: Install-Module -Name PoshCVE -Scope CurrentUser Usage Get-CVE Parameters: ID Specifies the ID of the CVE entry to retrieve

This tool calculates tricky canonical huffman histogram for CVE-2023-4863.

Huffman table hacking tool This tool calculates tricky canonical huffman histogram, which is able to trigger OOB (Out Of Band) write for vulnerable libwebp library (i.e. libwebp <= 131) This vulnerability is known as CVE-2023-4863 or CVE-2023-41064 We can overflow the pre-allocated huffman table by at most 132 entries The rationale is that libwebp assumes the huffm

ELEGANTBOUNCER is a detection tool for file-based mobile exploits.

ELEGANTBOUNCER ELEGANTBOUNCER is a detection tool for file-based mobile exploits It employs an innovative approach for advanced file-based threat identification, eliminating the need for in-the-wild samples and outperforming traditional methods based on regular expressions or IOCs At present, it primarily targets the identification of mobile vulnerabilities such as FORCEDENTR

Full native ImageMagick-7 bindings for Node.js native & WASM - showcase for SWIG Node-API

magickwandjs formerly known as node-magickwand This package is a full native port of the ImageMagick-7 C++ library to both Nodejs native and browser WASM using SWIG Node-API + emnapi Unlike all other ImageMagick npm packages, it does not use the CLI to interact with the utilities, but offers direct access to the full C++ API It supports both synchronous and multithreade

PoC A collection of proof-of-concept codes from DARKNAVY CVE-2023-32434 Target: iOS && macOS Version: before iOS 1651 && macOS 1341 CVE-2023-4863 Target: Chrome Renderer Version: 119060220 Blog Post: Part 1, Part 2

Awesome List of my own!

Awesome Stars A curated list of my GitHub stars! Generated by starred

Recent Articles

IT threat evolution in Q3 2023. Non-mobile statistics
Securelist • AMR • 01 Dec 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog
The Register

Chrome’s second zero-day of the month puts fed security at 'significant risk'

The US's Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was assigned a severity rating of 8.8 on the CVSS v3 scale. With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "significant risk to the federal enterprise,...

Google's Chrome gets caught with its WebP down, offers hasty patch-up
The Register

Exploit observed in the wild as Mountain View pushes out updates

Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild. The search giant has followed Apple in hurriedly issuing an update in response to research from The Citizen Lab at The University of Toronto's Munk School. It also credited the Apple Security Engineering and Architecture (SEAR) team for the report. The critical vulnerability, CVE-2023-4863, is related to a heap buffer overflow in WebP. WebP, according to Google, "is a modern ...

It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
The Register

Happy Halloween! Security bugs under attack squashed, more flaws fixed Farewell WordPad, we hardly knew ye

Patch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild. That last one – tracked as CVE-2023-44487 aka Rapid Reset – is an HTTP/2 protocol vulnerability that has been abused since August to launch massive distributed denial of service (DDoS) attacks. Microsoft, Amazon, Google, and Cloudflare all released miti...

Google reveals zero-day exploits in enterprise tech surged 64% last year
The Register

Crooks know where the big bucks are

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...

References

CWE-787
https://crbug.com/1479274
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://bugzilla.suse.com/show_bug.cgi?id=1215231
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
https://en.bandisoft.com/honeyview/history/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://news.ycombinator.com/item?id=37478403
https://www.debian.org/security/2023/dsa-5496
https://www.debian.org/security/2023/dsa-5497
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
https://www.debian.org/security/2023/dsa-5498
https://security.gentoo.org/glsa/202309-05
https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
https://github.com/webmproject/libwebp/releases/tag/v1.3.2
https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
http://www.openwall.com/lists/oss-security/2023/09/21/4
https://blog.isosceles.com/the-webp-0day/
http://www.openwall.com/lists/oss-security/2023/09/22/1
http://www.openwall.com/lists/oss-security/2023/09/22/3
http://www.openwall.com/lists/oss-security/2023/09/22/4
http://www.openwall.com/lists/oss-security/2023/09/22/5
http://www.openwall.com/lists/oss-security/2023/09/22/7
http://www.openwall.com/lists/oss-security/2023/09/22/8
http://www.openwall.com/lists/oss-security/2023/09/22/6
http://www.openwall.com/lists/oss-security/2023/09/26/1
http://www.openwall.com/lists/oss-security/2023/09/26/7
http://www.openwall.com/lists/oss-security/2023/09/28/1
http://www.openwall.com/lists/oss-security/2023/09/28/2
http://www.openwall.com/lists/oss-security/2023/09/28/4
https://security.netapp.com/advisory/ntap-20230929-0011/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
https://www.bentley.com/advisories/be-2023-0001/
https://security.gentoo.org/glsa/202401-10
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
https://nvd.nist.gov
https://github.com/Songg45/CVE-2023-4683-Test
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11