Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
data vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an malicious user to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely ...
NA
CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect...
NA
CVE-2024-29150
An issue exists in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in location...
NA
CVE-2024-32371
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 up to and including 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.
1 Github repository
NA
CVE-2024-32369
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 up to and including 5.2.18 allows a remote malicious user to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.
1 Github repository
NA
CVE-2023-46012
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote malicious user to execute arbitrary code via an HTTP request to the IGD UPnP.
1 Github repository
NA
CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. before 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.
1 Github repository
NA
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identifie...
NA
CVE-2024-4538
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
NA
CVE-2023-6810
The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author ac...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »