Vendor Products CVEs KEV Avg EPSS Worst Severity 1 4 0 45.8% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2024-37770 14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. CRITICAL 9.1 — 72.3% Jul 10, 2024 CVE-2024-37767 Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. HIGH 7.5 — 31.5% Jul 5, 2024 CVE-2024-37769 Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. HIGH 8.8 — 36.5% Jul 5, 2024 CVE-2024-37768 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. CRITICAL 9.1 — 43.0% Jul 5, 2024