Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2024
CVE-2024-6401
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-16
CVE-2024-7098
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-16
CVE-2024-7104
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-09-16
CVE-2024-38315
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-09-16
CVE-2024-39772
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
CVSS Score
3.7
EPSS Score
0.001
Published
2024-09-16
CVE-2024-45835
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVSS Score
2.5
EPSS Score
0.001
Published
2024-09-16
CVE-2024-46419
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-16
CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-09-16
CVE-2024-46451
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
CVSS Score
9.8
EPSS Score
0.101
Published
2024-09-16
CVE-2024-46937
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved