Security Vulnerabilities - CVEs Published In April 2024
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-04-16
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access.
CVSS Score
6.6
EPSS Score
0.002
Published
2024-04-16
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-04-16
In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-16
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVSS Score
3.1
EPSS Score
0.004
Published
2024-04-16
In OffloadAMRWriter, a scalar field is not initialized, so it will contain an arbitrary value left over from earlier computations.
CVSS Score
5.8
EPSS Score
0.003
Published
2024-04-16
Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-04-16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-16
Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before allows a local attacker to obtain sensitive information via a crafted script during markdown file creation.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-16
An issue in Typora v.1.8.10 and before allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-16