Security Vulnerabilities - CVEs Published In June 2024
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.
CVSS Score: 8.1
EPSS Score: 0.001
Published: 2024-06-14

In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack.
CVSS Score: 6.1
EPSS Score: 0.011
Published: 2024-06-14

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2024-06-14

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-06-14

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2024-06-14

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-06-14

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2024-06-14

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVSS Score: 4.4
EPSS Score: 0.001
Published: 2024-06-14

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS Score: 7.6
EPSS Score: 0.002
Published: 2024-06-14

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customers' cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.
CVSS Score: 9.1
EPSS Score: 0.018
Published: 2024-06-14

