Security Vulnerabilities - CVEs Published In April 2024
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.
CVSS Score: 9.8 | EPSS Score: 0.114 | Published: 2024-04-10
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied.
CVSS Score: 9.8 | EPSS Score: 0.053 | Published: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.
CVSS Score: 6.2 | EPSS Score: 0.0 | Published: 2024-04-10
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-04-10
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0.
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2024-04-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2024-04-10
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2024-04-10

