Security Vulnerabilities - CVEs Published In June 2024
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
CVSS Score: 9.1, EPSS Score: 0.004, Published: 2024-06-16
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
CVSS Score: 6.3, EPSS Score: 0.001, Published: 2024-06-16
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2024-06-16
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
CVSS Score: 9.8, EPSS Score: 0.102, Published: 2024-06-16
irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2024-06-16
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
CVSS Score: 9.8, EPSS Score: 0.001, Published: 2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.
CVSS Score: 5.3, EPSS Score: 0.001, Published: 2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
CVSS Score: 9.8, EPSS Score: 0.001, Published: 2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
CVSS Score: 9.8, EPSS Score: 0.001, Published: 2024-06-16



Shodan ® - All rights reserved