Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51847
An issue in obgm and Libcoap v.a3ed466 allows a remote malicious user to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component.
NA
CVE-2024-24194
robdns commit d76d2e6 exists to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.
NA
CVE-2024-22524
dnspod-sr 0dfbd37 is vulnerable to buffer overflow.
NA
CVE-2024-36795
Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows malicious users to access URLs and directories embedded within the firmware via unspecified vectors.
NA
CVE-2024-32752
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.
NA
CVE-2024-22074
Dynamsoft Service 1.8.1025 up to and including 1.8.2013, 1.7.0330 up to and including 1.7.2531, 1.6.0428 up to and including 1.6.1112, 1.5.0625 up to and including 1.5.3116, 1.4.0618 up to and including 1.4.1230, and 1.0.516 up to and including 1.3.0115 has Incorrect Access Contr...
NA
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can e...
NA
CVE-2024-4851
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows malicious users to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to s...
NA
CVE-2024-4888
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the ser...
NA
CVE-2024-5133
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/or...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »