Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2024-11931
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-01-24
CVE-2024-55573
An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.
CVSS Score
9.1
EPSS Score
0.004
Published
2025-01-23
CVE-2024-57329
HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-23
CVE-2024-57386
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-23
CVE-2024-57556
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-23
CVE-2024-53923
An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.
CVSS Score
9.1
EPSS Score
0.003
Published
2025-01-23
CVE-2024-55192
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
CVSS Score
9.8
EPSS Score
0.003
Published
2025-01-23
CVE-2024-55193
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-23
CVE-2024-55194
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-23
CVE-2024-57326
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved