Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2024
CVE-2024-51066
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-10-31
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.
CVSS Score
9.8
EPSS Score
0.012
Published
2024-10-31
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-10-31
CVE-2024-39332
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.
CVSS Score
9.8
EPSS Score
0.021
Published
2024-10-31
CVE-2024-51478
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-10-31
CVE-2024-51255
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-31
CVE-2024-51260
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-10-31
CVE-2024-51254
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-10-31
CVE-2024-51259
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-31
CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved