Security Vulnerabilities - CVEs Published In April 2024
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via multiple parameters of /adive/admin/nav/add. This vulnerability allows an attacker to retrieve the session details of an authenticated user.
CVSS Score: 7.6
EPSS Score: 0.002
Published: 2024-04-30
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via multiple parameters of /adive/admin/tables/add. An attacker could retrieve the session details of an authenticated user.
CVSS Score: 7.6
EPSS Score: 0.002
Published: 2024-04-30
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization, through a shortcode, of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2024-04-30
It was identified that in certain versions of Octopus Server a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2024-04-30
Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function.
CVSS Score: 8.1
EPSS Score: 0.002
Published: 2024-04-30
Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2024-04-30
Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2024-04-30
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.
CVSS Score: 8.1
EPSS Score: 0.002
Published: 2024-04-30
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2024-04-30
O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2024-04-30