Security Vulnerabilities - CVEs Published In September 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP
sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS Score
10.0
EPSS Score
0.011
Published
2024-09-25
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-25
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-09-25
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user account with a password that cannot be
changed.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-25
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input
fields that are used to render pages which may allow cross site
scripting.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-25
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-09-25
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-09-25
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
CVSS Score
3.7
EPSS Score
0.024
Published
2024-09-25
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
CVSS Score
7.2
EPSS Score
0.006
Published
2024-09-25
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-09-25