CVEDB API

CVE-2024-37768

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.

CVSS Score

9.1

EPSS Score

0.002

Published

2024-07-05

CVE-2024-37769

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

CVSS Score

8.8

EPSS Score

0.001

Published

2024-07-05

Page 1