Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4264
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is p...
NA
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but i...
Git Git
Git Git 2.45.0
Git Git 2.44.0
Git Git 2.41.0
37 Github repositories
1 Article
NA
CVE-2024-34352
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configura...
NA
CVE-2024-34353
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user'...
NA
CVE-2024-31990
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows malicious users to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, ...
NA
CVE-2024-31497
In PuTTY 0.68 up to and including 0.80 prior to 0.81, biased ECDSA nonce generation allows an malicious user to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to ...
Putty Putty
Filezilla-project Filezilla Client
Winscp Winscp
Tortoisegit Tortoisegit
Tigris Tortoisesvn
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
4 Github repositories
2 Articles
NA
CVE-2024-31461
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions before 0.17-dev. This issue may allow an malicious user to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access...
NA
CVE-2024-1599
lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient server-side validation of user account types during project creation. In the free account tier, users are limited to creating only two projects. However, this restriction is enforced...
NA
CVE-2024-1740
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an 'Authorization' t...
NA
CVE-2024-2195
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py`...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »