Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35239
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgra...
NA
CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors sho...
NA
CVE-2024-35581
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.
NA
CVE-2024-35583
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.
NA
CVE-2022-45171
An issue exists in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.
NA
CVE-2023-30307
An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows malicious users to hijack TCP sessions which could lead to a denial of service.
NA
CVE-2023-30309
An issue discovered in D-Link DI-7003GV2 routers allows malicious users to hijack TCP sessions which could lead to a denial of service.
NA
CVE-2024-28060
An issue exists in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed.
NA
CVE-2024-28061
An issue exists in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.
NA
CVE-2024-35510
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows malicious users to execute arbitrary code via uploading a crafted file.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »