Vulmon
Recent vulnerabilities and exploits
NA
CVE-2024-4173
Access Denied
NA
CVE-2024-4182
Mattermost versions 9.6.0, 9.5.x prior to 9.5.3, 9.4.x prior to 9.4.5, and 8.1.x prior to 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated malicious user to crash other users' web clients via a malformed custom status.
NA
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x prior to 9.5.3, and 8.1.x prior to 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests.
NA
CVE-2024-4183
Mattermost versions 8.1.x prior to 8.1.12, 9.6.x prior to 9.6.1, 9.5.x prior to 9.5.3, 9.4.x prior to 9.4.5 fail to limit the number of active sessions, which allows an authenticated malicious user to crash the server via repeated requests to the getSessions API after flooding th...
NA
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x prior to 9.5.3, and 8.1.x prior to 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.
NA
CVE-2024-4239
A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched...
NA
CVE-2024-4242
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotel...
NA
CVE-2024-4235
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The ex...
NA
CVE-2024-4241
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The iden...
NA
CVE-2024-4236
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overfl...
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699