Security Vulnerabilities - CVEs Published In February 2024
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
CVSS Score
9.1
EPSS Score
0.014
Published
2024-02-28
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.
CVSS Score
6.1
EPSS Score
0.049
Published
2024-02-28
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-28
A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-02-28
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
CVSS Score
5.4
EPSS Score
0.027
Published
2024-02-28
Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-28
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-28
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-28
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-02-28
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-02-28