Vulmon
vulnerabilities and exploits
NA
CVE-2024-27830
I don't have anywhere to put my list of reported bugs, so here they are: March 2024: CVE-2024-27830 August 2022: brave/brave-browser Issue #24681
1 Github repository
NA
CVE-2024-36428
OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.
NA
CVE-2024-36426
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
NA
CVE-2024-34923
In Avocent DSR2030 Appliance firmware 03.04.00.07 prior to 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 prior to 01.07.00.00, there is reflected cross-site scripting (XSS).
NA
CVE-2024-29415
The ip package up to and including 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomp...
NA
CVE-2024-5084
HashForm Exploit Script This script demonstrates the exploitation of CVE-2024-5084, a vulnerability in the Hash Form plugin for WordPress, which allows unauthenticated arbitrary file upload leading to remote code execution. Vulnerability Details Name: CVE-2024-5084 Descripti...
1 Github repository
NA
CVE-2024-35181
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries p...
NA
CVE-2024-35182
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries p...
NA
CVE-2024-35238
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow a malicious user to crash the Minder server and deny other users access to it. The root cause of the v...
NA
CVE-2024-36105
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network i...