Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32492
An issue exists in Znuny 7.0.1 up to and including 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.
NA
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote malicious user to execute arbitrary code via a crafted script to the api/v1 component.
NA
CVE-2024-33445
An issue in hisiphp v2.0.111 allows a remote malicious user to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component.
NA
CVE-2024-32269
An issue in Yonganda YAD-LOJ V3.0.561 allows a remote malicious user to cause a denial of service via a crafted packet.
NA
CVE-2024-32491
An issue exists in Znuny and Znuny LTS 6.0.31 up to and including 6.5.7 and Znuny 7.0.1 up to and including 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if th...
NA
CVE-2024-32493
An issue exists in Znuny LTS 6.5.1 up to and including 6.5.7 and Znuny 7.0.1 up to and including 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.
NA
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote malicious user to escalate privileges via a crafted script to the ModelModel.class.php component.
NA
CVE-2024-33449
An SSRF issue in the PDFMyURL service allows a remote malicious user to obtain sensitive information and execute arbitrary code via a POST request in the url parameter
NA
CVE-2023-48683
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.
NA
CVE-2024-23995
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and previous versions allows remote malicious users to execute arbitrary code in the column name of a database table in tabulator-popup-container.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »