Security Vulnerabilities - CVEs Published In February 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at School/index.php.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-02-09
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-02-09
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-02-09
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2024-02-09
CVE-2024-21762
Known exploited
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
CVSS Score: 9.8
EPSS Score: 0.931
Published: 2024-02-09
The cause of the vulnerability is improper validation of the form input field "Name" on the Graph page in the Items section.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2024-02-09
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-02-09
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-02-09
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-02-09
SQL injection vulnerability in the InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop, versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2024-02-09