Security Vulnerabilities - CVEs Published In March 2024
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-03-25
This vulnerability allows remote attackers to perform path traversal via a file upload on affected installations of LG LED Assistant.
CVSS Score: 5.3 | EPSS Score: 0.568 | Published: 2024-03-25
This vulnerability allows remote attackers to reset user passwords without authorization on affected installations of LG LED Assistant.
CVSS Score: 9.1 | EPSS Score: 0.745 | Published: 2024-03-25
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-03-25
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-03-25
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins unpublish downloads via a CSRF attack.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2024-03-25
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete downloads via a CSRF attack.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2024-03-25
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access, allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2024-03-25
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged-in admins edit downloads via a CSRF attack.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2024-03-25
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2024-03-24
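The CarrierWave entry above describes a general pattern: an allowlist check looks at one media type, while the browser resolving a comma-separated Content-Type header picks a different one. The following is an added illustration and not CarrierWave's code. It assumes a hypothetical allowlist (IMAGE_ALLOWLIST), a hypothetical naive check (naive_allowed?) that only inspects the leading token, and a model of browser behaviour (browser_effective_type) that follows the Fetch standard's "extract a MIME type" algorithm, in which every comma-separated value is parsed in turn and the last parseable one wins. The hardened check (strict_allowed?) rejects multi-valued headers and compares the parsed essence exactly.

```ruby
# Added illustration (not CarrierWave's code) of a comma-separated
# Content-Type allowlist bypass and one way to close it.

# Constructed allowlist in the spirit of a content_type_allowlist setting.
IMAGE_ALLOWLIST = %w[image/png image/jpeg image/gif].freeze

# Approximation of an HTTP token character class (type/subtype).
MEDIA_TYPE_RE = %r{\A[\w!%&'*+.^`|~-]+/[\w!%&'*+.^`|~-]+\z}

# Hypothetical naive check: only the leading token of the header value
# is examined, and only by prefix, so "image/png,text/html" and
# "image/pngx" both pass.
def naive_allowed?(content_type, allowlist = IMAGE_ALLOWLIST)
  allowlist.any? { |allowed| content_type.to_s.start_with?(allowed) }
end

# Model of how a browser resolves a multi-valued Content-Type header
# (Fetch "extract a MIME type"): each comma-separated value is parsed,
# unparseable values and "*/*" are skipped, and the last survivor wins.
# Returns the lowercased essence ("type/subtype") or nil.
def browser_effective_type(content_type)
  effective = nil
  content_type.to_s.split(",").each do |value|
    essence = value.strip.split(";").first.to_s.strip.downcase
    next unless essence.match?(MEDIA_TYPE_RE)
    next if essence == "*/*"
    effective = essence
  end
  effective
end

# Hardened check: refuse any value carrying more than one media type,
# parse the remaining value, and require an exact allowlist match on
# the essence (parameters such as charset are ignored, not matched).
def strict_allowed?(content_type, allowlist = IMAGE_ALLOWLIST)
  return false if content_type.to_s.include?(",")
  essence = browser_effective_type(content_type)
  !essence.nil? && allowlist.include?(essence)
end

# Constructed sample header values an upload might carry.
SAMPLES = [
  "image/png",
  "image/png; charset=utf-8",
  "image/png,text/html",
  "image/pngx",
  "text/html",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |ct|
    puts format("%-28s naive=%-5s browser=%-10s strict=%s",
                ct.inspect, naive_allowed?(ct),
                browser_effective_type(ct).inspect, strict_allowed?(ct))
  end
end
```

Run the file directly to see the table: "image/png,text/html" passes the naive check but a browser treats the stored object as text/html, which is the XSS path the entry describes; the strict check rejects it, and also rejects the prefix case "image/pngx" that start_with? lets through.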
Shodan ® - All rights reserved