Security Vulnerabilities - CVEs Published In January 2025
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2025-01-10
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2025-01-10
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2025-01-10
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2025-01-10
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2025-01-10
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass. A remote, unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. Exploitation in the wild has been observed since at least 2017, and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
CVSS Score: 9.8 | EPSS Score: 0.689 | Published: 2025-01-10
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function.
CVSS Score: 4.7 | EPSS Score: 0.01 | Published: 2025-01-10
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup.
CVSS Score: 6.1 | EPSS Score: 0.013 | Published: 2025-01-10
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users.
CVSS Score: 4.7 | EPSS Score: 0.011 | Published: 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2025-01-10


Shodan ® - All rights reserved