Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50738
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `/usr/bin/hydra` service, which listens on TC...
NA
CVE-2024-5302
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ...
NA
CVE-2024-5511
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ...
NA
CVE-2024-5513
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ...
NA
CVE-2024-33999
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
NA
CVE-2024-33997
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
NA
CVE-2024-34000
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
4 Articles
NA
CVE-2024-36844
libmodbus v3.1.6 exists to contain a use-after-free via the ctx->backend pointer. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
NA
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
NA
CVE-2024-33998
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »