Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-49617 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.
network
low complexity
machinesense CWE-306
critical
9.1
2024-02-01 CVE-2023-6221 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access.
network
low complexity
machinesense CWE-306
6.5
2024-02-01 CVE-2024-21852 Path Traversal vulnerability in Rapidscada Rapid Scada
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.
network
low complexity
rapidscada CWE-22
8.8
2024-02-01 CVE-2024-22927 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
2024-02-01 CVE-2024-23031 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
2024-02-01 CVE-2024-23032 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
2024-02-01 CVE-2024-23033 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
2024-02-01 CVE-2024-23034 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
2024-02-01 CVE-2024-24756 Path Traversal vulnerability in Crafatar
Crafatar serves Minecraft avatars based on the skin for use in external applications.
network
low complexity
crafatar CWE-22
7.5
2024-02-01 CVE-2023-47256 Improper Authentication vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
local
low complexity
connectwise CWE-287
5.5