Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30804
An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an malicious user to execute arbitrary code via crafted IOCTL requests.
NA
CVE-2024-3051
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.
NA
CVE-2024-28322
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows malicious users to run arbitrary SQL commands via the event_id parameter in a crafted POST request.
NA
CVE-2024-3052
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.
NA
CVE-2024-4243
A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely....
NA
CVE-2024-4244
A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads t...
NA
CVE-2024-31828
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows malicious users to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.
NA
CVE-2024-31741
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote malicious user to run arbitrary code via crafted string in the URL after login.
NA
CVE-2024-31551
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows malicious users to delete arbitrary files via crafted GET request.
NA
CVE-2024-31502
An issue in Insurance Management System v.1.0.0 and before allows a remote malicious user to escalate privileges via a crafted POST request to /admin/core/new_staff.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »