Security Vulnerabilities - CVEs Published In February 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-28
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-02-28
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-28
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-02-28
A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-28
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-02-28
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
CVSS Score
9.1
EPSS Score
0.014
Published
2024-02-28
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.
CVSS Score
6.1
EPSS Score
0.049
Published
2024-02-28
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-28
A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-02-28