Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35189
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private keys, etc.). These `secrets` are stored e...
NA
CVE-2024-35228
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and updat...
NA
CVE-2024-35468
A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows malicious users to execute arbitrary SQL commands via the password parameter.
1 Github repository
NA
CVE-2024-2420
LenelS2 NetBox access control and event monitoring system exists to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an malicious user to bypass authentication requirements.
NA
CVE-2024-35469
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows malicious users to execute arbitrary SQL commands via the password parameter.
1 Github repository
NA
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
NA
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system exists to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an malicious user to execute malicious commands with elevated permissions.
NA
CVE-2024-2422
LenelS2 NetBox access control and event monitoring system exists to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an malicious user to execute malicious commands.
NA
CVE-2024-5271
Fuji Electric Monitouch V-SFT
NA
CVE-2024-35351
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/SystemSettings.php?f=update_settings. Manipulating the parameter name results in cross-site scripting.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »