Vulmon
blog project vulnerabilities and exploits
9
CVSSv3
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but i...
Git Git
Git Git 2.45.0
Git Git 2.44.0
Git Git 2.41.0
34 Github repositories
1 Article
NA
CVE_2023_36664
Ghostscript command injection vulnerability PoC (CVE-2023-36664) Vulnerability disclosed in Ghostscript prior to version 10.01.2 leads to code execution (CVSS score 9.8). Official vulnerability description: Artifex Ghostscript through 10.01.2 mishandles permission validation for...
1 Github repository
7.5
CVSSv3
CVE-2023-6021
LFI in Ray's log API endpoint allows malicious users to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cv...
Ray Project Ray -
2 Articles
9.8
CVSSv3
CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing malicious users to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: htt...
Ray Project Ray -
4 Github repositories
2 Articles
7.2
CVSSv3
CVE-2023-5919
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack m...
Company Website Cms Project Company Website Cms 1.0
8.8
CVSSv3
CVE-2023-37995
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
Wp-copyprotect Project Wp-copyprotect
NA
CVE-2023-39848
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
70 Github repositories
7.2
CVSSv3
CVE-2023-2435
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, malicious users to include and execute arbitrary files on the server, allowing the execution of any ...
Blog-in-blog Project Blog-in-blog
4.8
CVSSv3
CVE-2023-2436
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Blog-in-blog Project Blog-in-blog
5.4
CVSSv3
CVE-2023-29636
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows malicious users to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default configuration not using MyBlogUtils.cleanString.
Zhenfeng13 My-blog Project Zhenfeng13 My-blog -