Security Vulnerabilities - CVEs Published In October 2024
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score: 7.3
EPSS Score: 0.004
Published: 2024-10-08
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
CVSS Score: 3.5
EPSS Score: 0.002
Published: 2024-10-08
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.
CVSS Score: 8.4
EPSS Score: 0.002
Published: 2024-10-08
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2024-10-08
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVSS Score: 4.9
EPSS Score: 0.0
Published: 2024-10-08
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
CVSS Score: 4.9
EPSS Score: 0.005
Published: 2024-10-08
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2024-10-08
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
CVSS Score: 7.5
EPSS Score: 0.02
Published: 2024-10-08
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2024-10-08
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate privileges via specially crafted requests.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2024-10-08


Shodan ® - All rights reserved