Vulmon
vulnerabilities and exploits
CVE-2024-31894
IBM App Connect Enterprise 12.0.1.0 up to and including 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 up to and including 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
CVE-2024-35627
tileserver-gl up to v4.4.10 contains a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.
CVE-2024-31904
IBM App Connect Enterprise 11.0.0.1 up to and including 11.0.0.25 and 12.0.1.0 up to and including 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 up to and including 9.1 prior to 9.1.1 allows a remote malicious user to overwrite local configuration files to gain access to the administrator panel and achi...
CVE-2024-25737
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 up to and including 9.1 prior to 9.1.1 allows remote malicious users to access internal HTTP servers and perform Cross-Site Script...
CVE_2024_4367
Detect CVE-2024-4367
Quick-and-dirty YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js.
Usage
$ yara expl_pdfjs_cve_2024_4367.yar poc_generalized_CVE-2024-4367.pdf
EXPL_PDFJS_CVE_2024_4367 poc_generalized_CVE-2024-4367.pdf
...
1 GitHub repository
CVE-2024-31617
OpenLiteSpeed prior to 1.8.1 mishandles chunked encoding.
CVE-2024-21791
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the lockout history option. Note: Non-admin users cannot exploit this vulnerability.
CVE-2024-29421
xmedcon 0.23.0 (fixed in v0.24.0) is vulnerable to a buffer overflow via libs/dicom/basic.c, which allows a malicious user to execute arbitrary code.