Security Vulnerabilities - CVEs Published In February 2022
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-02-26
Weblate is a copyleft, web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in the user name and language fields. Due to this improper neutralization, it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralization logic.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-02-25
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-02-25
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
CVSS Score: 9.9
EPSS Score: 0.029
Published: 2022-02-25
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file.
CVSS Score: 7.8
EPSS Score: 0.021
Published: 2022-02-25
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVSS Score: 9.8
EPSS Score: 0.0
Published: 2022-02-25
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
CVSS Score: 9.8
EPSS Score: 0.84
Published: 2022-02-25
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVSS Score: 9.8
EPSS Score: 0.823
Published: 2022-02-25
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score: 7.5
EPSS Score: 0.29
Published: 2022-02-25
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
CVSS Score: 9.8
EPSS Score: 0.562
Published: 2022-02-25


Shodan ® - All rights reserved