Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4297
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitr...
NA
CVE-2024-4298
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attac...
NA
CVE-2024-4299
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injecti...
NA
CVE-2024-4301
N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.
NA
CVE-2024-4302
Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote malicious users to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS)...
NA
CVE-2024-4303
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP.
NA
CVE-2024-4304
A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.
NA
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
NA
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards...
NA
CVE-2024-4308
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »