Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2024
CVE-2024-38897
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-06-24
CVE-2024-38902
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-06-24
CVE-2024-38903
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
CVSS Score
4.1
EPSS Score
0.003
Published
2024-06-24
CVE-2023-45196
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVSS Score
7.5
EPSS Score
0.008
Published
2024-06-24
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.
CVSS Score
9.8
EPSS Score
0.807
Published
2024-06-24
CVE-2024-34312
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.
CVSS Score
6.1
EPSS Score
0.013
Published
2024-06-24
CVE-2024-37678
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script.
CVSS Score
5.3
EPSS Score
0.008
Published
2024-06-24
CVE-2024-37677
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-06-24
CVE-2024-37679
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-24
CVE-2024-37680
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved