Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22338
IBM Security Verify Access OIDC Provider 22.09 up to and including 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.
NA
CVE-2024-5538
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
NA
CVE-2024-5484
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
NA
CVE-2024-5041
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible fo...
NA
CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated malicious user to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As...
NA
CVE-2024-4160
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes...
NA
CVE-2024-5347
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output esca...
NA
CVE-2024-5436
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.
NA
CVE-2024-5525
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the malicious user to perform administrative actions.
NA
CVE-2024-5523
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »