Vulmon
vulnerabilities and exploits
NA
CVE-2024-3806
CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta Porto 7.1.0: https://drive.google.com/file/d...
1 Github repository
NA
CVE-2024-3807
CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta Porto 7.1.0: https://drive.google.com/file/d...
1 Github repository
NA
CVE-2022-7890
Ethical Hacking Technical Report Name of Company: Procas T Nation Prepared by: Chino Lawrence A. Noble and Boyet P. Peñales Date: May 10, 2024 Executive Summary: This report details the findings of an ethical hacking assessment conducted for Procas T Nation. The assessment...
1 Github repository
NA
CVE-2024-34310
CVE-2024-34310 CVE-2024-34310 [Suggested description] Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. [Vulnerability Type] SQL Injection [Vendor of Product] https://www.bjjfsd.com/ [Affected Product...
1 Github repository
NA
CVE-2024-4701
Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any user-specified filename and file contents to any location on th...
NA
CVE-2024-34350
Next.js Vulnerable to HTTP Request Smuggling. Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerab...
NA
CVE-2024-29212
Veeam Service Provider Console Vulnerability. Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Executi...
NA
CVE-2024-34342
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be ...
NA
CVE-2024-4367
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF. If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the...
NA
CVE-2024-34351
A vulnerability in NextJS's handling of SSRF (Server Side Request Forgery) through its image optimization component and server actions. Malicious actors could exploit this by redirecting server-side fetch operations to unintended URLs, potentially accessing sensitive interna...