Security Vulnerabilities - CVEs Published In April 2024
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-04-29
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
CVSS Score
7.6
EPSS Score
0.607
Published
2024-04-29
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-04-29
Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-29
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards. php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-04-29
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-04-29
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_transaction. php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-04-29
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-04-29
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-04-29
Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-04-29