Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-31747
An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate malicious user to disable the phone lock via the Walkie Talkie menu option.
NA
CVE-2024-1874
In PHP versions 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that woul...
1 Github repository
NA
CVE-2024-28240
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the c...
NA
CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
NA
CVE-2024-29986
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
NA
CVE-2024-29987
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
NA
CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
1 Article
NA
CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
1 Article
NA
CVE-2024-3566
A command inject vulnerability allows an malicious user to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
1 Github repository
NA
CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion o...
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »