Vulmon
vulnerabilities and exploits
NA
CVE-2024-23740
An issue in Kap for macOS version 3.6.0 and before allows remote malicious users to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
Getkap Kap
1 Github repository
NA
CVE-2024-23751
LlamaIndex (aka llama_index) up to and including 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this...
Llamaindex Llamaindex
NA
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
NA
CVE-2024-23768
Dremio prior to 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one fol...
Dremio Dremio
NA
CVE-2024-2377
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.
NA
CVE-2024-23771
darkhttpd prior to 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote malicious users to bypass authentication via a timing side channel.
Unix4lyfe Darkhttpd
NA
CVE-2024-23785
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and previous versions allows a remote unauthenticated malicious user to change the product settings.
NA
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment....
Otrs Otrs
NA
CVE-2024-2380
Stored XSS in graph rendering in Checkmk <2.3.0b4.
NA
CVE-2024-23812
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.