Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
CVE-2024-26196
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
CVSS Score
4.3
EPSS Score
0.012
Published
2024-03-21
CVE-2024-25811
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-21
CVE-2024-25359
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.
CVSS Score
6.6
EPSS Score
0.001
Published
2024-03-21
CVE-2024-25167
Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-03-21
CVE-2024-25239
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-03-21
CVE-2024-24818
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-03-21
CVE-2024-24813
Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-03-21
CVE-2024-24520
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-03-21
CVE-2024-24028
Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-03-21
CVE-2024-24110
SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-03-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved