Vulmon
make vulnerabilities and exploits
NA
CVE-2024-27418
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership i...
6.4
CVSSv3
CVE-2024-4789
Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to ar...
NA
CVE-2024-3642
The Newsletter Popup WordPress plugin up to and including 1.2 does not have CSRF check when deleting subscriber, which could allow malicious users to make logged in admins perform such action via a CSRF attack
NA
CVE-2024-3643
The Newsletter Popup WordPress plugin up to and including 1.2 does not have CSRF check when deleting list, which could allow malicious users to make logged in admins perform such action via a CSRF attack
NA
CVE-2023-6321
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
NA
CVE-2023-6322
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated re...
NA
CVE-2024-3823
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3405
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3406
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its email settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3629
The HL Twitter WordPress plugin up to and including 2014.1.18 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack