Skip to main content

14Finger

4 CVEs product

Monthly

CVE-2024-37770 CRITICAL POC Act Now

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE 14Finger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-37767 HIGH POC This Week

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 14Finger
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37769 HIGH POC This Week

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 14Finger
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37768 CRITICAL POC Act Now

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 14Finger
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE 14Finger
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 14Finger
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 14Finger
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 14Finger
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy