Security Vulnerabilities - CVEs Published In August 2024
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2024-08-12
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2024-08-12
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
CVSS Score: 9.8
EPSS Score: 0.741
Published: 2024-08-12
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
CVSS Score: 5.3
EPSS Score: 0.014
Published: 2024-08-12
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
CVSS Score: 5.3
EPSS Score: 0.006
Published: 2024-08-12
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication.
CVSS Score: 8.7
EPSS Score: 0.002
Published: 2024-08-12
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2024-08-12
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2024-08-12
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2024-08-12
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2024-08-12

