Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36393
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
NA
CVE-2024-36394
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
NA
CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an malicious user to cause a server-side request forgery. This issue only affects GravityZone Console versions prior to 6.38.1-2 that are running only on premise.
NA
CVE-2024-5665
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, w...
NA
CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
4.4
CVSSv3
CVE-2024-5656
The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
5.3
CVSSv3
CVE-2024-0972
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated malicious users to bypass the plugin's "All Other Sections On Your S...
9.1
CVSSv3
CVE-2024-5153
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated malicious users to copy the contents of arbitrary files on...
6.4
CVSSv3
CVE-2024-5162
The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...
5.3
CVSSv3
CVE-2024-5615
The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possible for unauthenticated malicious users to extract sensitive data includ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »