Security Vulnerabilities - CVEs Published In April 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
CVSS Score: 7.1; EPSS Score: 0.0; Published: 2024-04-18
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
CVSS Score: 2.4; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
CVSS Score: 6.8; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2024-04-18
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2024-04-18
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.
CVSS Score: 3.9; EPSS Score: 0.001; Published: 2024-04-18
A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.
CVSS Score: 6.3; EPSS Score: 0.002; Published: 2024-04-18