Vulmon
vulnerabilities and exploits
NA
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x prior to 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
NA
CVE-2024-36050
Nix up to and including 2.22.1 mishandles certain usage of hash caches, which makes it easier for malicious users to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.
NA
CVE-2024-28063
Kiteworks Totemomail up to and including 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS.
NA
CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt prior to 5.15.17, 6.x prior to 6.2.13, 6.3.x up to and including 6.5.x prior to 6.5.6, and 6.6.x up to and including 6.7.x prior to 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
NA
CVE-2024-5094
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotel...
NA
CVE-2024-36043
question_image.ts in SurveyJS Form Library prior to 1.10.4 allows contentMode=youtube XSS via the imageLink property.
NA
CVE-2024-5093
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to SQL injection. The attack can be initiat...
NA
CVE-2024-34083
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man...
NA
CVE-2024-31879
IBM i 7.2, 7.3, and 7.4 could allow a remote malicious user to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
7.8
CVSSv3
CVE-2024-3745
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.