Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2024
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-05
CVE-2024-39150
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-05
CVE-2024-27710
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-07-05
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-07-05
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-05
CVE-2024-39210
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application.
CVSS Score
7.5
EPSS Score
0.058
Published
2024-07-05
CVE-2024-23997
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
CVSS Score
9.6
EPSS Score
0.047
Published
2024-07-05
CVE-2024-23998
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.
CVSS Score
9.6
EPSS Score
0.094
Published
2024-07-05
CVE-2024-29318
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-05
CVE-2024-29319
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved