Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-37895
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side r...
NA
CVE-2024-37896
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizin...
NA
CVE-2024-37902
DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 up to and including 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 ...
NA
CVE-2024-37305
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at ...
NA
CVE-2024-6059
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting...
NA
CVE-2024-38449
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated malicious users to browse parent directories and read the content of files outside the scope of the application.
NA
CVE-2024-36543
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and previous versions allows an malicious user to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka...
NA
CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote malicious users to execute arbitrary SQL commands via the LessonID parameter.
NA
CVE-2024-6056
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observ...
NA
CVE-2024-6058
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width lea...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »