Security Vulnerabilities - CVEs Published In April 2024
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-04-19
An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-19
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
CVSS Score
4.6
EPSS Score
0.002
Published
2024-04-19
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
CVSS Score
7.1
EPSS Score
0.021
Published
2024-04-19
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-04-19
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
CVSS Score
2.5
EPSS Score
0.0
Published
2024-04-19
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
CVSS Score
7.5
EPSS Score
0.013
Published
2024-04-19
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-04-19
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.
CVSS Score
6.1
EPSS Score
0.026
Published
2024-04-19
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-04-19