Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0613
The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated malicious us...
NA
CVE-2024-1679
The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due to insufficient input san...
NA
CVE-2024-32882
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has been used to further restric...
NA
CVE-2024-27050
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes l...
NA
CVE-2024-26936
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used ...
NA
CVE-2024-26952
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ...
NA
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote malicious user to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php
NA
CVE-2023-50432
simple-dhcp-server through ec976d2 allows remote malicious users to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer.
NA
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
NA
CVE-2024-32883
MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries a...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »