Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to in...
NA
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows malicious users to execute arbitrary commands.
NA
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows malicious users to execute arbitrary commands via supplying a crafted YAML file.
NA
CVE-2024-35061
NASA AIT-Core v2.5.2 exists to use unencrypted channels to exchange data over the network, allowing malicious users to execute a man-in-the-middle attack.
NA
CVE-2024-31989
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin...
NA
CVE-2024-25724
In RTI Connext Professional 5.3.1 up to and including 6.1.0 prior to 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows malicious users to execute code with the affected service's privileges, c...
NA
CVE-2024-35057
An issue in NASA AIT-Core v2.5.2 allows malicious users to execute arbitrary code via a crafted packet.
NA
CVE-2024-31757
An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local malicious user to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.
NA
CVE-2024-34240
QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.
NA
CVE-2024-4154
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »