Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2024
CVE-2024-48826
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.051
Published
2024-10-28
CVE-2024-50434
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard.This issue affects NewsCard: from n/a through <= 1.3.
CVSS Score
8.8
EPSS Score
0.025
Published
2024-10-28
CVE-2024-50435
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news.This issue affects Meta News: from n/a through <= 1.1.7.
CVSS Score
8.8
EPSS Score
0.018
Published
2024-10-28
CVE-2024-42930
PbootCMS 3.2.8 is vulnerable to URL Redirect.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-10-28
CVE-2024-48178
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-10-28
CVE-2024-48195
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-10-28
CVE-2024-48196
An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-10-28
CVE-2024-5532
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
CVSS Score
1.8
EPSS Score
0.002
Published
2024-10-28
CVE-2024-50433
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Cross-Site Scripting (XSS).This issue affects Sky Addons for Elementor: from n/a through <= 2.5.15.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28
CVE-2024-50437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.80.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved