Vulmon
vulnerabilities and exploits
NA
CVE-2024-34468
Rukovoditel prior to 3.5.3 allows XSS via user_photo to My Page.
NA
CVE-2024-34467
ThinkPHP 8.0.3 allows remote malicious users to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.
NA
CVE-2024-34469
Rukovoditel prior to 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
NA
CVE-2024-34462
Alinto SOGo up to and including 5.10.0 allows XSS during attachment preview.
NA
CVE-2023-27283
IBM Aspera Orchestrator 4.0.1 could allow a remote malicious user to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.
NA
CVE-2023-7065
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possibl...
NA
CVE-2024-1050
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for au...
NA
CVE-2024-34460
The Tree Explorer tool from Organizer in Zenario prior to 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)
NA
CVE-2024-34461
Zenario prior to 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
NA
CVE-2024-3240
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for a...