Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28240
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the c...
5
CVSSv3
CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
5.4
CVSSv3
CVE-2024-29986
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
NA
CVE-2024-29987
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
6.7
CVSSv3
CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
1 Article
6.4
CVSSv3
CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
1 Article
NA
CVE-2024-3566
A command inject vulnerability allows an malicious user to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
1 Github repository
NA
CVE-2024-1874
Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running o...
1 Github repository
NA
CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion o...
1 Github repository
NA
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to ...
13 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »