Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2023-25365
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3
CVSS Score
7.8
EPSS Score
0.0
Published
2024-02-08
CVE-2023-27001
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-08
CVE-2023-40265
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
CVSS Score
8.8
EPSS Score
0.014
Published
2024-02-08
CVE-2023-40266
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-02-08
CVE-2023-49101
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-02-08
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-08
CVE-2024-24494
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
CVSS Score
6.1
EPSS Score
0.336
Published
2024-02-08
CVE-2024-24495
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-08
CVE-2024-24496
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
CVSS Score
9.8
EPSS Score
0.34
Published
2024-02-08
CVE-2024-0242
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-02-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved