Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 exists to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows malicious users to log in as root.
NA
CVE-2024-34051
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr prior to 19.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
NA
CVE-2024-34987
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows malicious users to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during ...
1 Github repository
NA
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately...
NA
CVE-2024-31682
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows malicious users to bypass fingerprint authentication due to the use of a deprecated API.
NA
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369_B20220309 exists to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
NA
CVE-2023-52162
Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an malicious user to execute arbitrary code. Exploiting the vulnerability requires authentication.
NA
CVE-2022-1242
Apport can be tricked into connecting to arbitrary sockets as the root user
NA
CVE-2024-5214
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
NA
CVE-2024-5388
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »