Security Vulnerabilities - CVEs Published In April 2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2024-04-02
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2024-04-02
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2024-04-02
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2024-04-02
A file upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code by uploading a crafted PHP file.
CVSS Score: 8.8
EPSS Score: 0.023
Published: 2024-04-02
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
CVSS Score: 10.0
EPSS Score: 0.943
Published: 2024-04-02
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2024-04-02
Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames, etc. The vulnerability is remediated in version 6.6.244.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2024-04-02
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of the email addresses of all users registered on the site.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2024-04-02
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp, AP4_MdhdAtom::AP4_MdhdAtom, mp4fragment.
CVSS Score: 8.1
EPSS Score: 0.121
Published: 2024-04-02

