Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4943
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...
NA
CVE-2024-3155
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization...
NA
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote malicious user to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
NA
CVE-2024-0816
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local malicious user to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
NA
CVE-2024-5145
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricte...
NA
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an malicious user to forge a SAML response to provision and/or ga...
NA
CVE-2024-34710
Wiki.js is al wiki app built on Node.js. Client side template injection exists, that could allow an malicious user to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through...
NA
CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an malicious user to recover some passwords stored in the .kdbx database.
NA
CVE-2024-35191
Formie is a Craft CMS plugin for creating forms. before 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a su...
NA
CVE-2024-33900
KeePassXC 2.7.7 allows malicious users to recover cleartext credentials.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »