Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
michele di bonaventura vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
Gl-inet Gl-ar300m Firmware 4.3.7
1 Github repository
7.5
CVSSv3
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Gl-inet Gl-ar300m Firmware 4.3.7
1 Github repository
9.8
CVSSv3
CVE-2023-46456
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
Gl-inet Gl-ar300m Firmware 3.216
1 Github repository
5.4
CVSSv3
CVE-2021-36387
In Yellowfin prior to 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
Yellowfinbi Yellowfin
1 Github repository
7.5
CVSSv3
CVE-2021-36388
In Yellowfin prior to 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
Yellowfinbi Yellowfin
1 Github repository
7.5
CVSSv3
CVE-2021-36389
In Yellowfin prior to 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
Yellowfinbi Yellowfin
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started