Security Vulnerabilities - CVEs Published In March 2024
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-03-26
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-03-26
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-03-25
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2024-03-25
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2024-03-25
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-03-25
A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2024-03-25
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-03-25

