Vulmon
Recent vulnerabilities and exploits
NA
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x prior to 9.5.3, and 8.1.x prior to 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.
NA
CVE-2024-4182
Mattermost versions 9.6.0, 9.5.x prior to 9.5.3, 9.4.x prior to 9.4.5, and 8.1.x prior to 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated malicious user to crash other users' web clients via a malformed custom status.
NA
CVE-2024-32046
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows a malicious user to get information about the server such as the full path wer...
NA
CVE-2024-4183
Mattermost versions 8.1.x prior to 8.1.12, 9.6.x prior to 9.6.1, 9.5.x prior to 9.5.3, 9.4.x prior to 9.4.5 fail to limit the number of active sessions, which allows an authenticated malicious user to crash the server via repeated requests to the getSessions API after flooding th...
NA
CVE-2024-3962
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated malicious us...
NA
CVE-2024-2920
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possi...
NA
CVE-2024-33598
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS. This issue affects Annual Archive: from n/a up to and including 1.6.0.
NA
CVE-2023-6116
Team ENVY, a security research team, has found a flaw that allows for remote code execution on the camera. An attacker could inject malicious into HTTP request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manu...
NA
CVE-2024-33642
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS. This issue affects Advanced Post List: from n/a up to and including 0.5.6.1.
NA
CVE-2024-33651
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a up to and including 1.2.1.