Security Vulnerabilities - CVEs Published In October 2024
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVSS Score: 9.8 | EPSS Score: 0.891 | Published: 2024-10-31
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
CVSS Score: 8.3 | EPSS Score: 0.0 | Published: 2024-10-30
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2024-10-30
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2024-10-30
A deserialization vulnerability in the component \controller\Index.php of ThinkPHP v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2024-10-30
A Cross-Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-10-30
A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-10-30
eladmin v2.7 and earlier contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVSS Score: 7.2 | EPSS Score: 0.026 | Published: 2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a brute-force attack.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wi-Fi password, possibly allowing attackers to connect to the device via a brute-force attack.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2024-10-30

