Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2024
CVE-2024-2191
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-27
CVE-2024-28982
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-06-26
CVE-2024-28983
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-06-26
CVE-2024-28984
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-06-26
CVE-2024-37734
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-06-26
CVE-2024-38949
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc
CVSS Score
6.5
EPSS Score
0.0
Published
2024-06-26
CVE-2024-38950
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-06-26
CVE-2024-39241
Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-26
CVE-2024-39242
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-26
CVE-2024-39243
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved