Security Vulnerabilities - CVEs Published In February 2024
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2024-02-23
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 4.3 | EPSS Score: 0.025 | Published: 2024-02-23
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS Score: 8.2 | EPSS Score: 0.002 | Published: 2024-02-23
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-02-23
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-02-23
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-02-23
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS Score: 4.8 | EPSS Score: 0.014 | Published: 2024-02-23
In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-02-23
In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-02-23
A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2024-02-23

