Security Vulnerabilities - CVEs Published In June 2024
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2024-06-28
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2024-06-28
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS by including scripts in requested file names. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2024-06-28
The afGdStream.php script in the AdmirorFrames Joomla! extension doesn't specify a content type, and as a result the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
CVSS Score: 6.1
EPSS Score: 0.034
Published: 2024-06-28
Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension allows an unauthorised attacker to retrieve the location of the web root folder. This issue affects AdmirorFrames: before 5.0.
CVSS Score: 7.5
EPSS Score: 0.109
Published: 2024-06-28
Server Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows access to local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
CVSS Score: 7.5
EPSS Score: 0.192
Published: 2024-06-28
A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-06-28
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass the firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2024-06-28
The Simple Photoswipe WordPress plugin through 0.1 does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2024-06-28
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2024-06-28


Shodan ® - All rights reserved