Vulmon
accounts vulnerabilities and exploits
5.9
CVSSv3
CVE-2024-24771
Open Forms allows users to create and publish smart forms. Versions before 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor ...
Maykinmedia Open Forms
8.8
CVSSv3
CVE-2023-6700
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subs...
Cookieinformation Wp-gdpr-compliance
1 Github repository
8.8
CVSSv3
CVE-2023-5677
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service a...
Axis M3024-lve Firmware
Axis M3025-ve Firmware
Axis M7014 Firmware
Axis M7016 Firmware
Axis P1214-e Firmware
Axis P7214 Firmware
Axis P7216 Firmware
Axis Q7401 Firmware
Axis Q7404 Firmware
Axis Q7414 Firmware
Axis Q7424-r Mk Ii Firmware
6.5
CVSSv3
CVE-2021-46903
An issue exists in LTOS-Web-Interface in Meinberg LANTIME-Firmware prior to 6.24.029 MBGID-9343 and 7 prior to 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).
Meinbergglobal Lantime Firmware
8.8
CVSSv3
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and previous versions, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It wa...
Facilemanager Facilemanager
4.9
CVSSv3
CVE-2024-23637
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed...
Octoprint Octoprint
7.6
CVSSv3
CVE-2024-21985
ONTAP 9 versions before 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible a...
Netapp Clustered Data Ontap 9.9.1
Netapp Clustered Data Ontap 9.10.1
Netapp Clustered Data Ontap
Netapp Clustered Data Ontap 9.11.1
Netapp Clustered Data Ontap 9.12.1
Netapp Clustered Data Ontap 9.13.1
8.1
CVSSv3
CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could through a series of specially crafted ste...
Ibm Openpages With Watson
Ibm Openpages With Watson 9.0
5.4
CVSSv3
CVE-2024-22191
Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow a malicious user to execute arbitrary JavaScript code in the victim'...
Avohq Avo
9.8
CVSSv3
CVE-2023-39691
An issue discovered in kodbox up to and including 1.43 allows malicious users to arbitrarily add Administrator accounts via crafted GET request.
Kodcloud Kodbox