Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accounts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2035
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user ac...
NA
CVE-2024-2171
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising...
NA
CVE-2024-36119
Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the followin...
NA
CVE-2024-32877
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the ...
NA
CVE-2023-43842
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.
NA
CVE-2023-43843
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request.
NA
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 prior to 16.10.6, from 16.11 prior to 16.11.3, from 17.0 prior to 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
1 Article
NA
CVE-2024-4835
A XSS condition exists within GitLab in versions 15.11 prior to 16.10.6, 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
1 Article
NA
CVE-2024-2874
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.6, version 16.11 prior to 16.11.3, and 17.0 prior to 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
1 Article
NA
CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be e...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »