Security Vulnerabilities - CVEs Published In October 2024
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-10-30
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-10-30
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.018
Published
2024-10-30
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-10-30
A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-10-30
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVSS Score
7.2
EPSS Score
0.056
Published
2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-30
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-10-30
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-10-30