Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4520
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the use...
NA
CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
NA
CVE-2024-30525
Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a up to and including 1.2.9.
NA
CVE-2024-36604
Tenda O3V2 v1.0.0.12(3880) exists to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows malicious users to execute arbitrary commands with root privileges.
NA
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows malicious users to execute arbitrary code via uploading a crafted file.
NA
CVE-2024-36857
Jan v0.4.12 exists to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
NA
CVE-2024-35672
Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a up to and including 2.9.16.
NA
CVE-2024-35670
Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a up to and including 1.3.93.
NA
CVE-2024-34759
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a up to and including 1.5.11.
NA
CVE-2024-37273
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows malicious users to execute arbitrary code via uploading a crafted file.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »