Security Vulnerabilities - CVEs Published In April 2024
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-04-30
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-30
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-04-30
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables
CVSS Score
5.3
EPSS Score
0.003
Published
2024-04-30
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-30
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to write or overwrite files.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-04-30
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-30
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-04-30
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-30
A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-04-30
Page 1