Vulmon
vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-48126
An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows malicious users to send crafted malicious notifications via leakage of the channel access token.
Linecorp Line 13.6.1
8.8
CVSSv3
CVE-2022-34203
A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and previous versions allows malicious users to connect to an attacker-specified HTTP server.
Jenkins Easyqa
4.3
CVSSv3
CVE-2022-34204
A missing permission check in Jenkins EasyQA Plugin 1.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Jenkins Easyqa
6.5
CVSSv3
CVE-2022-34205
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and previous versions allows malicious users to send HTTP POST requests to an attacker-specified URL.
Jenkins Jianliao Notification
9.6
CVSSv3
CVE-2023-41897
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clic...
Home-assistant Home-assistant
4.3
CVSSv3
CVE-2022-34206
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and previous versions allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.
Jenkins Jianliao Notification
6.5
CVSSv3
CVE-2022-34207
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Beaker Builder
4.3
CVSSv3
CVE-2022-34208
A missing permission check in Jenkins Beaker builder Plugin 1.10 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Beaker Builder
6.5
CVSSv3
CVE-2022-34209
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Threadfix
7.3
CVSSv3
CVE-2022-3421
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute pe...
Google Drive