Vulmon
vulnerabilities and exploits
NA
CVE-2024-5084
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution CVE-2024-5084 The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil...
1 Github repository
NA
CVE-2024-99999
whatsthetalk.eu Research in API security If you want to lead, just find the API key. Powered by wtt wtt is a simple command line "ChatGPT". It is a wrapper around google.generativeai that accepts variable number of string and/or file path arguments. It concatenates them...
1 Github repository
NA
CVE-2024-36079
An issue exists in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a f...
NA
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
NA
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote malicious users to execute arbitrary SQL commands and potentially perform command injection, leading to remote code execution (RCE) under certain conditions.
NA
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. The access_token can be exposed in the error message when an HTTP request fails. This issue has been patched in version 2.7.2.
NA
CVE-2024-4956
CVE-2024-4956 - Unauthenticated Path Traversal in Nexus Repository Manager 3 The Nexus Repository Manager is a repository manager that organizes, stores, and distributes artifacts needed for development. A path traversal vulnerability has been discovered in Nexus Repository 3, in...
1 Github repository
NA
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows malicious users to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
NA
CVE-2024-35388
TOTOLINK NR1800X v9.1.0u.6681_B20230703 contains a stack overflow via the password parameter in the function urldecode.
NA
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a stack overflow via the http_host parameter in the function loginAuth.