Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2022
CVE-2021-43945
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-02-28
CVE-2022-0772
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-02-27
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVSS Score
8.2
EPSS Score
0.003
Published
2022-02-27
CVE-2021-3967
Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
CVSS Score
4.1
EPSS Score
0.003
Published
2022-02-26
CVE-2022-22908
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-26
CVE-2022-26149
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
CVSS Score
7.2
EPSS Score
0.036
Published
2022-02-26
CVE-2020-27958
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-02-26
CVE-2022-26146
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-02-26
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-02-26
CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
CVSS Score
8.0
EPSS Score
0.004
Published
2022-02-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved