Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
NA
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
NA
CVE-2024-35374
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote malicious users to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
NA
CVE-2024-4956
CVE-2024-4956-Bulk-Scanner [CVE-2024-4956] Unauthenticated Path Traversal Bulk Scanner
2 Github repositories
NA
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows malicious users to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
NA
CVE-2024-35388
TOTOLINK NR1800X v9.1.0u.6681_B20230703 exists to contain a stack overflow via the password parameter in the function urldecode
NA
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369_B20220309 exists to contain a stack overflow via the http_host parameter in the function loginAuth.
NA
CVE-2024-36049
Aptos Wisal payroll accounting prior to 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write...
NA
CVE-2023-46442
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows malicious users to cause a Denial of Service (DoS).
1 Github repository
NA
CVE-2024-34995
svnWebUI v1.8.3 exists to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows malicious users to delete arbitrary files via a crafted POST request.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »