Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2024
CVE-2024-38896
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVSS Score
5.3
EPSS Score
0.078
Published
2024-06-24
CVE-2024-38897
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-24
CVE-2024-38902
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-24
CVE-2024-38903
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
CVSS Score
4.1
EPSS Score
0.003
Published
2024-06-24
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.
CVSS Score
9.8
EPSS Score
0.662
Published
2024-06-24
CVE-2024-34312
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-06-24
CVE-2024-37677
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-24
CVE-2024-37679
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-06-24
CVE-2024-37680
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-24
CVE-2024-37732
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved