Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2022
CVE-2021-45845
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-01-25
CVE-2021-46113
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.
CVSS Score
8.8
EPSS Score
0.03
Published
2022-01-25
CVE-2022-23223
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
CVSS Score
7.5
EPSS Score
0.035
Published
2022-01-25
CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVSS Score
9.1
EPSS Score
0.915
Published
2022-01-25
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-01-25
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVSS Score
9.8
EPSS Score
0.053
Published
2022-01-25
CVE-2021-45342
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVSS Score
7.8
EPSS Score
0.017
Published
2022-01-25
CVE-2021-45343
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-25
CVE-2021-45802
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-01-25
CVE-2021-45803
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-01-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved