Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35056
NASA AIT-Core v2.5.2 exists to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
NA
CVE-2024-36052
RARLAB WinRAR prior to 7.00, on Windows, allows malicious users to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
NA
CVE-2024-31840
An issue exists in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the...
NA
CVE-2024-31845
An issue exists in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs...
NA
CVE-2024-27130
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5...
2 Github repositories
2 Articles
NA
CVE-2024-36039
PyMySQL up to and including 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
NA
CVE-2024-31847
An issue exists in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote malicious users to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.
NA
CVE-2024-31844
An issue exists in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error....
NA
CVE-2024-27129
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following ...
1 Article
NA
CVE-2024-21902
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vuln...
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »