Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2024
CVE-2024-31666
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.
CVSS Score
9.8
EPSS Score
0.291
Published
2024-04-22
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-04-22
CVE-2022-34561
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-22
CVE-2022-34562
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-22
CVE-2024-27347
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-04-22
CVE-2024-27348
Known exploited
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.939
Published
2024-04-22
CVE-2024-27349
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-04-22
CVE-2024-3645
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-04-22
CVE-2024-29661
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-04-22
CVE-2024-32681
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved