Security Vulnerabilities - CVEs Published In April 2024
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-04-15
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-04-15
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-15
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration.
This does not affect JFrog cloud deployments.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-04-15
The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team WebinarIgnition.This issue affects WebinarIgnition: from n/a through 3.05.8.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-15