Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2023-6724
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-02-09
CVE-2024-25304
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."
CVSS Score
8.8
EPSS Score
0.002
Published
2024-02-09
CVE-2024-25305
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-09
CVE-2024-25678
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
CVE-2024-25679
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-02-09
CVE-2024-21762
Known exploited
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
CVSS Score
9.8
EPSS Score
0.929
Published
2024-02-09
CVE-2024-22119
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
CVSS Score
5.5
EPSS Score
0.004
Published
2024-02-09
CVE-2024-25674
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
CVE-2024-25675
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
CVE-2024-25677
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved