Security Vulnerabilities - CVEs Published In January 2023
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-31
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-31
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-01-31
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-31
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper sanitization.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-31
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-31
SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-01-31
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-01-31
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-01-31
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-01-31



Shodan ® - All rights reserved