Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2023-49617 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. | 9.1 |
2024-02-01 | CVE-2023-6221 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. | 6.5 |
2024-02-01 | CVE-2024-21852 | Path Traversal vulnerability in Rapidscada Rapid Scada In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution. | 8.8 |
2024-02-01 | CVE-2024-22927 | Cross-site Scripting vulnerability in Eyoucms 1.6.5 Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 |
2024-02-01 | CVE-2024-23031 | Cross-site Scripting vulnerability in Eyoucms 1.6.5 Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 |
2024-02-01 | CVE-2024-23032 | Cross-site Scripting vulnerability in Eyoucms 1.6.5 Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 |
2024-02-01 | CVE-2024-23033 | Cross-site Scripting vulnerability in Eyoucms 1.6.5 Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 |
2024-02-01 | CVE-2024-23034 | Cross-site Scripting vulnerability in Eyoucms 1.6.5 Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 6.1 |
2024-02-01 | CVE-2024-24756 | Path Traversal vulnerability in Crafatar Crafatar serves Minecraft avatars based on the skin for use in external applications. | 7.5 |
2024-02-01 | CVE-2023-47256 | Improper Authentication vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | 5.5 |