Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal...
NA
CVE-2024-34405
Improper deep link validation in McAfee Security: Antivirus VPN for Android prior to 8.3.0 could allow an malicious user to launch an arbitrary URL within the app.
NA
CVE-2024-34406
Improper exception handling in McAfee Security: Antivirus VPN for Android prior to 8.3.0 could allow an malicious user to cause a denial of service through the use of a malformed deep link.
NA
CVE-2024-35213
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an malicious user to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
NA
CVE-2024-28020
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services.
NA
CVE-2024-28022
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.
NA
CVE-2024-28024
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
NA
CVE-2024-36702
libiec61850 v1.5 exists to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
NA
CVE-2024-37301
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full ta...
NA
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows malicious users to escalate privileges from Guest to root via a directory traversal.
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »