Vulmon
vulnerabilities and exploits
NA
CVE-2024-34515
image-optimizer prior to 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().
NA
CVE-2024-34508
dcmnet in DCMTK prior to 3.6.9 has a segmentation fault via an invalid DIMSE message.
NA
CVE-2024-34509
dcmdata in DCMTK prior to 3.6.9 has a segmentation fault via an invalid DIMSE message.
NA
CVE-2024-34511
Component Server in Gradio prior to 4.13 does not properly consider _is_server_fn for functions.
NA
CVE-2024-4501
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initia...
NA
CVE-2024-34510
Gradio prior to 4.20 allows credential leakage on Windows.
NA
CVE-2024-34506
An issue exists in includes/specials/SpecialMovePage.php in MediaWiki prior to 1.39.7, 1.40.x prior to 1.40.3, and 1.41.x prior to 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will...
NA
CVE-2024-34500
An issue exists in the UnlinkedWikibase extension in MediaWiki prior to 1.39.6, 1.40.x prior to 1.40.2, and 1.41.x prior to 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getErr...
NA
CVE-2024-34507
An issue exists in includes/CommentFormatter/CommentParser.php in MediaWiki prior to 1.39.7, 1.40.x prior to 1.40.3, and 1.41.x prior to 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
NA
CVE-2024-34502
An issue exists in WikibaseLexeme in MediaWiki prior to 1.39.6, 1.40.x prior to 1.40.2, and 1.41.x prior to 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does no...