Security Vulnerabilities - CVEs Published In March 2024
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-03-25
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
CVSS Score
9.8
EPSS Score
0.018
Published
2024-03-25
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-03-25
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-03-25
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-03-25
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-25
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-03-25
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-25