Vulmon
vulnerabilities and exploits
CVE-2024-37818
Strapi v4.24.4 contains a Server-Side Request Forgery (SSRF) vulnerability via the component /strapi.io/_next/image. This vulnerability allows malicious users to scan for open ports or access sensitive information via a crafted GET request.
CVE-2024-37349
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrators’ use of the management UI when the victim administrator edits ...
CVE-2024-37350
There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a...
CVE-2024-37351
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrators’ use of the management UI when the second administrator later ...
CVE-2024-37352
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administra...
CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote malicious user to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2024-37897
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the ...
CVE-2024-37699
DataLife Engine v.17.1 and earlier is vulnerable to SQL Injection in dboption.
CVE-2024-33335
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote malicious user to execute arbitrary code via a crafted file.
CVE-2022-45929
Northern.tech Mender 3.3.x prior to 3.3.2, 3.5.x prior to 3.5.0, and 3.6.x prior to 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.