Security Vulnerabilities - CVEs Published In May 2024
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search option.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file shares.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph feature.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary report.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-05-20
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-05-20
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report data.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-05-20
Zohocorp ManageEngine PAM360 version 6601 is affected by an authorization vulnerability that allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-05-20
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-05-20
A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server's parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
CVSS Score
9.8
EPSS Score
0.791
Published
2024-05-20


Shodan ® - All rights reserved