Security Vulnerabilities - CVEs Published In September 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.3
EPSS Score
0.005
Published
2024-09-19
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.017
Published
2024-09-19
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-19
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
CVSS Score
9.9
EPSS Score
0.006
Published
2024-09-19
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-09-19
In JetBrains YouTrack before 2024.3.44799, access to global app config data without appropriate permissions was possible.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-19
In JetBrains YouTrack before 2024.3.44799, a token could be revealed on the Imports page.
CVSS Score
4.1
EPSS Score
0.0
Published
2024-09-19
CVE-2024-8963
Known exploited
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Score
9.4
EPSS Score
0.943
Published
2024-09-19
In JetBrains YouTrack before 2024.3.44799, a user without appropriate permissions could restore workflows attached to a project.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-09-19
A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor (https://netcat.ru/). Versions 6.4.0.24248 and on have the patch.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-09-19

