Security Vulnerabilities - CVEs Published In May 2024
An issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVSS Score
6.5
EPSS Score
0.195
Published
2024-05-20
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can insert malicious Twig code into fields that support Twig, such as the Submission Title or the Success Message. This code is then executed when a submission is created or when the text is rendered. This has been fixed in Formie 2.1.6.
CVSS Score
4.4
EPSS Score
0.002
Published
2024-05-20
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability.
CVSS Score
7.9
EPSS Score
0.001
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server details.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-05-20
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-05-20
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
CVSS Score
5.2
EPSS Score
0.001
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-05-20
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
CVSS Score
7.7
EPSS Score
0.003
Published
2024-05-20


Shodan ® - All rights reserved