Vulmon
development system vulnerabilities and exploits
NA
CVE-2024-27130
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5....
2 Github repositories
2 Articles
NA
CVE_2024_3094
Ansible role cve_2024_3094 Check xz vulnerability (cve_2024_3094) on your system. GitHub Version Issues Pull Requests Downloads Example Playbook This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release. --- - nam...
1 Github repository
NA
CVE-2024-31993
Mealie is a self-hosted recipe manager and meal planner. Before 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The respo...
NA
CVE-2024-28255
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request co...
2 Github repositories
1 Article
NA
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process eith...
NA
CVE-2023-50358
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 2...
1 Github repository
2 Articles
NA
CVE-2024-24823
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session coul...
Graylog Graylog
NA
CVE-2024-22380
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and previous versions improperly restricts XML external entity references (XXE). By processing a ...
Maff Electronic Delivery Check System
NA
CVE-2023-48375
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute admini...
Csharp Cws Collaborative Development Platform 10.25
NA
CVE-2023-48225
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly ref...
Laf Laf 1.0.0
Laf Laf 0.8.13
Laf Laf 0.8.12
Laf Laf 0.8.11
Laf Laf 0.8.10
Laf Laf 0.8.9
Laf Laf 0.8.8
Laf Laf 0.8.7
Laf Laf 0.8.6
Laf Laf 0.8.5
Laf Laf 0.8.4
Laf Laf 0.8.3
Laf Laf 0.8.2
Laf Laf 0.8.1
Laf Laf 0.8.0
Laf Laf 0.7.11
Laf Laf 0.7.10
Laf Laf 0.7.9
Laf Laf 0.7.8
Laf Laf 0.7.7
Laf Laf 0.7.6
Laf Laf 0.7.5