Security Vulnerabilities - CVEs Published In February 2024
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-02-29
DataEase is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java`. The blacklist of MySQL JDBC attacks can be bypassed, and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.
CVSS Score
9.1
EPSS Score
0.007
Published
2024-02-29
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-02-29
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.
CVSS Score
8.8
EPSS Score
0.024
Published
2024-02-29
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
CVSS Score
9.8
EPSS Score
0.779
Published
2024-02-29
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-02-29
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-02-29
Inadequate parsing of URLs could result in an open redirect.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-29
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-29
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.015
Published
2024-02-29

