Security Vulnerabilities - CVEs Published In March 2024
The calendar functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users.
CVSS Score: 7.3, EPSS Score: 0.001, Published: 2024-03-07
MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
CVSS Score: 4.4, EPSS Score: 0.0, Published: 2024-03-07
MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
CVSS Score: 5.6, EPSS Score: 0.0, Published: 2024-03-07
Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2024-03-07
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
CVSS Score: 9.3, EPSS Score: 0.003, Published: 2024-03-07
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2024-03-07
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2024-03-07
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.
CVSS Score: 9.8, EPSS Score: 0.005, Published: 2024-03-07
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the "firstname", "lastname", "middlename", "contact" and "address" parameters.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2024-03-07
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.
CVSS Score: 7.7, EPSS Score: 0.0, Published: 2024-03-07

Shodan ® - All rights reserved