Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
NA
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote malicious users to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
NA
CVE-2024-4956
CVE-2024-4956 - Unauthenticated Path Traversal in Nexus Repository Manager 3 The Nexus Repository Manager is a repository manager that organizes, stores, and distributes artifacts needed for development. A path traversal vulnerability has been discovered in Nexus Repository 3, in...
1 Github repository
NA
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows malicious users to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
NA
CVE-2024-35388
TOTOLINK NR1800X v9.1.0u.6681_B20230703 exists to contain a stack overflow via the password parameter in the function urldecode
NA
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369_B20220309 exists to contain a stack overflow via the http_host parameter in the function loginAuth.
NA
CVE-2023-46442
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows malicious users to cause a Denial of Service (DoS).
1 Github repository
NA
CVE-2024-36049
Aptos Wisal payroll accounting prior to 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write...
NA
CVE-2024-33427
Buffer Overflow vulnerability in Squid version before v.6.10 allows a local attacker cause a denial of service via a improper check of string in function ConfigParser::UnQuote.
NA
CVE-2024-35395
TOTOLINK CP900L v4.1.5cu.798_B20221228 exists to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows malicious users to log in as root.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »