Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2024-5638
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization an...
8.8
CVSSv3
CVE-2024-3668
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...
4.2
CVSSv3
CVE-2024-5770
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attac...
6.4
CVSSv3
CVE-2024-5663
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss...
NA
CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability ...
NA
CVE-2024-4956
Shiro 1 Extractor This repository contains a Python script shiro1-extractor.py that will search all .pcl files within a specific directory and extract Apache Shiro 1 hashes from them, then write them to an output file. Usage usage: shiro1-extractor.py [-h] input_dir output_file ...
2 Github repositories
NA
CVE-2023-49224
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges.
NA
CVE-2023-49221
Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code.
NA
CVE-2023-7261
Inappropriate implementation in Google Updator before 1.3.36.351 in Google Chrome allowed a local malicious user to perform privilege escalation via a malicious file. (Chromium security severity: High)
NA
CVE-2023-49222
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »