Security Vulnerabilities - CVEs Published In April 2024
Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-04-15
Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-04-15
Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-04-15
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-15
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-04-15
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite.This issue affects Sarada Lite: from n/a through 1.1.2.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1.
CVSS Score
4.3
EPSS Score
0.151
Published
2024-04-15