Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traffic server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34446
Mullvad VPN up to and including 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed a...
NA
CVE-2024-32963
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change t...
NA
CVE-2024-31992
Mealie is a self hosted recipe manager and meal planner. before 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeou...
NA
CVE-2024-29960
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH tra...
NA
CVE-2024-3387
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an malicious user to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient comput...
NA
CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 up to and including 8.1.9, from 9.0.0 up to and including 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_min...
1 Article
NA
CVE-2024-30255
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions before 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimite...
1 Article
NA
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic betwe...
NA
CVE-2024-28756
The SolarEdge mySolarEdge application prior to 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) malicious user to read and alter all network traffic between the application and the server.
NA
CVE-2024-27922
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions before 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »