Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3178
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator ...
NA
CVE-2024-31783
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local malicious user to obtain sensitive information via a crafted script during markdown file creation.
NA
CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local malicious user to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.
NA
CVE-2024-3179
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator...
NA
CVE-2024-3180
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concret...
NA
CVE-2024-31801
Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote malicious user to obtain sensitive information via a crafted request.
NA
CVE-2024-31804
An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local malicious user to escalate privileges via the Program.exe component.
NA
CVE-2024-318041
Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.
NA
CVE-2024-31806
TOTOLINK EX200 V4.0.3c.7646_B20201211 exists to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
NA
CVE-2024-31807
TOTOLINK EX200 V4.0.3c.7646_B20201211 exists to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »