Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
Recent vulnerabilities and exploits
NA
CVE-2024-3818
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input saniti...
NA
CVE-2024-3600
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and inc...
NA
CVE-2024-23526
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche prior to 6.4.3, in certain conditions can allow an unauthenticated remote malicious user to read sensitive information in memory.
NA
CVE-2024-24992
A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to execute arbitrary commands as SYSTEM.
NA
CVE-2024-27976
A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to execute arbitrary commands as SYSTEM.
NA
CVE-2024-24994
A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to execute arbitrary commands as SYSTEM.
NA
CVE-2024-23533
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche prior to 6.4.3, in certain conditions can allow an authenticated remote malicious user to read sensitive information in memory.
NA
CVE-2024-23529
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche prior to 6.4.3, in certain conditions can allow an unauthenticated remote malicious user to read sensitive information in memory.
NA
CVE-2024-27984
A Path Traversal vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to delete specific type of files and/or cause denial of service.
NA
CVE-2024-24993
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche prior to 6.4.3 allows a remote authenticated malicious user to execute arbitrary commands as SYSTEM.
CVSSv3
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started