Security Vulnerabilities - CVEs Published In March 2024
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVSS Score
2.8
EPSS Score
0.0
Published
2024-03-25
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-03-25
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
CVSS Score
9.8
EPSS Score
0.024
Published
2024-03-25
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-25
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-03-25
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-03-25
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-03-25
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-03-25