Vulmon
vulnerabilities and exploits
NA
CVE-2024-35627
tileserver-gl up to v4.4.10 contains a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.
NA
CVE-2024-25737
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 up to and including 9.1 prior to 9.1.1 allows remote malicious users to access internal HTTP servers and perform Cross-Site Script...
NA
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 up to and including 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
NA
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 up to and including 9.1 prior to 9.1.1 allows a remote malicious user to overwrite local configuration files to gain access to the administrator panel and achi...
NA
CVE_2024_4367
Detect CVE-2024-4367
Quick-and-dirty YARA detection rule for CVE-2024-4367 arbitrary JavaScript execution in PDF.js.
Usage:
$ yara expl_pdfjs_cve_2024_4367.yar poc_generalized_CVE-2024-4367.pdf
EXPL_PDFJS_CVE_2024_4367 poc_generalized_CVE-2024-4367.pdf
...
1 Github repository
NA
CVE-2024-20360
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interfa...
NA
CVE-2024-21791
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the lockout history option. Note: Non-admin users cannot exploit this vulnerability.
NA
CVE-2024-31617
OpenLiteSpeed prior to 1.8.1 mishandles chunked encoding.
NA
CVE-2024-29421
xmedcon 0.23.0 (fixed in v.0.24.0) is vulnerable to a buffer overflow via libs/dicom/basic.c, which allows a malicious user to execute arbitrary code.
NA
CVE-2024-20363
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote malicious user to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet h...