Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2024
CVE-2023-27460
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-06-03
CVE-2023-23735
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-06-03
CVE-2023-23738
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-06-03
CVE-2023-24373
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.
CVSS Score
3.7
EPSS Score
0.004
Published
2024-06-03
CVE-2023-23730
Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-06-03
CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-06-03
CVE-2024-34987
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.
CVSS Score
9.1
EPSS Score
0.006
Published
2024-06-03
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
CVSS Score
9.8
EPSS Score
0.014
Published
2024-06-03
CVE-2022-0555
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
CVSS Score
8.4
EPSS Score
0.003
Published
2024-06-03
CVE-2022-1242
Apport can be tricked into connecting to arbitrary sockets as the root user
CVSS Score
7.8
EPSS Score
0.002
Published
2024-06-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved