Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28103
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
NA
CVE-2024-4520
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the use...
NA
CVE-2024-30525
Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a up to and including 1.2.9.
NA
CVE-2024-35672
Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a up to and including 2.9.16.
NA
CVE-2024-36857
Jan v0.4.12 exists to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
NA
CVE-2024-35670
Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a up to and including 1.3.93.
NA
CVE-2024-34759
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a up to and including 1.5.11.
NA
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows malicious users to execute arbitrary code via uploading a crafted file.
NA
CVE-2024-37273
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows malicious users to execute arbitrary code via uploading a crafted file.
NA
CVE-2024-36604
Tenda O3V2 v1.0.0.12(3880) exists to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows malicious users to execute arbitrary commands with root privileges.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »