Vulmon
vulnerabilities and exploits
NA
CVE-2024-37889
MyFinances is a web application for managing finances. MyFinances has a way to access other customers' invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
NA
CVE-2024-36600
Buffer overflow vulnerability in libcdio v2.1.0 allows a malicious user to execute arbitrary code via a crafted ISO 9660 image file.
NA
CVE-2024-24320
Directory traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 through v.2.4.0 allows a remote malicious user to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
NA
CVE-2024-37888
Open Link is a CKEditor plugin that extends the context menu with an option to open a link in a new tab. The vulnerability allowed execution of JavaScript code by abusing the link href attribute. It affects all users of the Open Link plugin at versions < 1.0.5.
NA
CVE-2024-36597
Aegon Life v1.0 contains a SQL injection vulnerability via the client_id parameter at clientStatus.php.
1 Github repository
NA
CVE-2024-36598
An arbitrary file upload vulnerability in Aegon Life v1.0 allows malicious users to execute arbitrary code via uploading a crafted image file.
1 Github repository
NA
CVE-2024-36599
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
1 Github repository
NA
CVE-2024-37369
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
NA
CVE-2024-37641
TRENDnet TEW-814DAP v1_(FW1.01B01) contains a stack overflow via the submit-url parameter at /formNewSchedule.
NA
CVE-2024-37642
TRENDnet TEW-814DAP v1_(FW1.01B01) contains a command injection vulnerability via the ipv4_ping and ipv6_ping parameters at /formSystemCheck.