Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2727
HTML injection vulnerability affecting the CIGESv2 system, which allows an malicious user to inject arbitrary code and modify elements of the website and email confirmation message.
NA
CVE-2024-1379
The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authoriza...
NA
CVE-2024-27997
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a up to and including 45.6.0.
NA
CVE_2023_46805
Penetration testing of https://ris.ucll.be/ Tools used Nmap It looks like the host is running on Azure since the ports are open by default 1221 and 8172. This is also indicated by the fingerprint Microsoft Azure Web App. The Python webserver being used is Gunicorn, it is a Unix b...
1 Github repository
NA
CVE-2024-0779
The Enjoy Social Feed plugin for WordPress website WordPress plugin up to and including 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example
NA
CVE-2024-0780
The Enjoy Social Feed plugin for WordPress website WordPress plugin up to and including 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action
NA
CVE-2024-1606
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a web...
NA
CVE-2024-28745
Improper export of Android application components issue exists in 'ABEMA' App for Android before 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploit...
NA
CVE-2024-27265
IBM Integration Bus for z/OS 10.1 up to and including 10.1.0.3 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
Ibm Integration Bus
NA
CVE-2024-28195
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »