Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...
NA
CVE-2024-99999
whatsthetalk.eu Research in API security If you want to lead, just find the API key. Powered by wtt wtt is a simple command line "ChatGPT". It is a wrapper around google.generativeai that accepts variable number of string and/or file path arguments. It concatenates them...
1 Github repository
NA
CVE-2024-36079
An issue exists in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a f...
NA
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote malicious users to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
NA
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
NA
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
NA
CVE-2024-4956
CVE-2024-4956 - Unauthenticated Path Traversal in Nexus Repository Manager 3 The Nexus Repository Manager is a repository manager that organizes, stores, and distributes artifacts needed for development. A path traversal vulnerability has been discovered in Nexus Repository 3, in...
1 Github repository
NA
CVE-2024-35388
TOTOLINK NR1800X v9.1.0u.6681_B20230703 exists to contain a stack overflow via the password parameter in the function urldecode
NA
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows malicious users to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
NA
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369_B20220309 exists to contain a stack overflow via the http_host parameter in the function loginAuth.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »