Vulmon
vulnerabilities and exploits
CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 contains a hardcoded password vulnerability in /etc/shadow.sample, which allows malicious users to log in as root.
CVE-2023-52162
Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow a malicious user to execute arbitrary code. Exploiting the vulnerability requires authentication.
CVE-2024-31682
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows malicious users to bypass fingerprint authentication due to the use of a deprecated API.
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
CVE-2024-34987
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows malicious users to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during ...
1 Github repository
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in an HTTP request header. Ultimately...
CVE-2024-34051
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr prior to 19.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
CVE-2021-3899
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows a malicious user to execute arbitrary code as root.
1 Github repository
CVE-2022-0555
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
CVE-2022-1242
Apport can be tricked into connecting to arbitrary sockets as the root user