Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
NA
CVE-2023-46297
An issue exists on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the ad...
NA
CVE-2024-35284
A vulnerability in the legacy chat component of Mitel MiContact Center Business up to and including 10.0.0.4 could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.
NA
CVE-2024-35333
A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafte...
1 Github repository
NA
CVE-2024-35283
A vulnerability in the Ignite component of Mitel MiContact Center Business up to and including 10.0.0.4 could allow an unauthenticated malicious user to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.
NA
CVE-2024-31079
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining proc...
NA
CVE-2024-35311
Yubico YubiKey 5 Series prior to 5.7.0, Security Key Series prior to 5.7.0, YubiKey Bio Series prior to 5.6.4, and YubiKey 5 FIPS prior to 5.7.2 have Incorrect Access Control.
NA
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
NA
CVE-2024-36368
In JetBrains TeamCity prior to 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 reflected XSS via OAuth provider configuration was possible
NA
CVE-2024-36369
In JetBrains TeamCity prior to 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via issue tracker integration was possible
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »