Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5271
Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
NA
CVE-2024-32877
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the ...
NA
CVE-2024-35228
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and updat...
NA
CVE-2024-35468
A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows malicious users to execute arbitrary SQL commands via the password parameter.
1 Github repository
NA
CVE-2024-2420
LenelS2 NetBox access control and event monitoring system exists to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an malicious user to bypass authentication requirements.
NA
CVE-2024-2422
LenelS2 NetBox access control and event monitoring system exists to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an malicious user to execute malicious commands.
NA
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system exists to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an malicious user to execute malicious commands with elevated permissions.
NA
CVE-2024-35469
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows malicious users to execute arbitrary SQL commands via the password parameter.
1 Github repository
NA
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
NA
CVE-2024-35349
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »