Vulmon
vulnerabilities and exploits
NA
CVE-2024-33900
KeePassXC 2.7.7 allows malicious users to recover cleartext credentials.
NA
CVE-2024-35195
Requests is an HTTP library. Before 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to...
NA
CVE-2024-35192
Trivy is a security scanner. Before 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud...
NA
CVE-2024-33901
Issue in KeePassXC 2.7.7 allows a malicious user to recover some passwords stored in the .kdbx database.
NA
CVE-2024-35194
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cas...
NA
CVE-2024-35191
Formie is a Craft CMS plugin for creating forms. Before 2.1.6, users with access to a form's settings can include malicious Twig code in fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a su...
NA
CVE-2024-29000
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability.
NA
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows a malicious user to execute arbitrary code via the M function e argument in index.js.
NA
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote malicious user to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions.
NA
CVE-2024-34949
likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function.