Security Vulnerabilities - CVEs Published In March 2024
A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-03-15
SQL injection vulnerability in ABO.CMS version 5.8 allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in the admin login page.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2024-03-15
Zemana AntiLogger v2.74.204.664 is affected by a Denial of Service (DoS) vulnerability that is triggered via the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2024-03-15
Zemana AntiLogger v2.74.204.664 is affected by a Memory Information Leak vulnerability that is triggered via the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2024-03-15
A heap-based buffer overflow in CImg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-03-15
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score: 3.9 | EPSS Score: 0.003 | Published: 2024-03-14
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score: 4.7 | EPSS Score: 0.007 | Published: 2024-03-14
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-03-14
An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2024-03-14
An issue in radareorg radare2 v.0.9.7 through v.5.8.6, fixed in v.5.8.8, allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2024-03-14


Shodan ® - All rights reserved