Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2024
CVE-2024-41438
A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41439
A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41440
A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41443
A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-30
CVE-2024-5249
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-07-30
CVE-2024-5250
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
CVSS Score
3.5
EPSS Score
0.005
Published
2024-07-30
CVE-2024-3930
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41437
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-30
CVE-2024-41305
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved