Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
remote code vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4267
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' funct...
NA
CVE-2023-51637
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The sp...
NA
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 up to and including 9.1 prior to 9.1.1 allows a remote malicious user to overwrite local configuration files to gain access to the administrator panel and achi...
NA
CVE-2024-5157
Use after free in Scheduling in Google Chrome before 125.0.6422.76 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
NA
CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated malicious user to execute arbitrary code which has hi...
5 Github repositories
NA
CVE-2024-35061
NASA AIT-Core v2.5.2 exists to use unencrypted channels to exchange data over the network, allowing malicious users to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
NA
CVE-2024-25724
In RTI Connext Professional 5.3.1 up to and including 6.1.0 prior to 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows malicious users to execute code with the affected service's privileges, c...
NA
CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
NA
CVE-2024-4442
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated malici...
NA
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote malicious user to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »