Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2024
CVE-2024-22734
An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.
CVSS Score
6.2
EPSS Score
0.029
Published
2024-04-12
CVE-2024-30614
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-04-12
CVE-2024-30850
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go
CVSS Score
8.8
EPSS Score
0.805
Published
2024-04-12
CVE-2023-44855
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-04-12
CVE-2023-44856
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-12
CVE-2023-44854
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-12
CVE-2023-44857
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
CVSS Score
8.1
EPSS Score
0.004
Published
2024-04-12
CVE-2023-44852
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.
CVSS Score
8.2
EPSS Score
0.003
Published
2024-04-12
CVE-2023-44853
\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-04-12
CVE-2024-2137
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-04-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved