Security Vulnerabilities - CVEs Published In June 2024
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-06-14
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
CVSS Score: 6.5 | EPSS Score: 0.109 | Published: 2024-06-14
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
CVSS Score: 8.4 | EPSS Score: 0.001 | Published: 2024-06-14
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 through v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
CVSS Score: 8.8 | EPSS Score: 0.035 | Published: 2024-06-14
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS Score: 8.8 | EPSS Score: 0.862 | Published: 2024-06-14
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2024-06-14
Open Link is a CKEditor plugin that extends the context menu with an option to open a link in a new tab. The vulnerability allowed execution of JavaScript code by abusing the link href attribute. It affects all users of the Open Link plugin at versions < 1.0.5.
CVSS Score: 6.1 | EPSS Score: 0.206 | Published: 2024-06-14
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2024-06-14
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to enter a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2024-06-14
Nextcloud Server is a self-hosted personal cloud system. Recurrence exceptions of private shared calendar events can be read by sharees. It is recommended that Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and that Nextcloud Enterprise Server is upgraded to 27.1.10, 28.0.6 or 29.0.1.
CVSS Score: 3.5 | EPSS Score: 0.005 | Published: 2024-06-14


Shodan ® - All rights reserved