Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35083
J2EEFAST v2.7.0 exists to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml.
NA
CVE-2024-35084
J2EEFAST v2.7.0 exists to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml.
NA
CVE-2024-34931
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an malicious user to execute arbitrary SQL commands via the name parameter.
NA
CVE-2024-35091
J2EEFAST v2.7.0 exists to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.
NA
CVE-2024-34927
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an malicious user to execute arbitrary SQL commands via the name parameter.
NA
CVE-2024-34930
A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows malicious user to execute arbitrary SQL commands via the month parameter.
NA
CVE-2024-34932
A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an malicious user to execute arbitrary SQL commands via the name parameter.
NA
CVE-2024-34935
A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an malicious user to execute arbitrary SQL commands via the conversation_id parameter.
NA
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
NA
CVE-2024-4365
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for aut...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »