Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2022
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-30
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
CVSS Score
7.5
EPSS Score
0.013
Published
2022-03-30
CVE-2022-1172
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS Score
5.6
EPSS Score
0.002
Published
2022-03-30
CVE-2022-1163
Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.
CVSS Score
6.8
EPSS Score
0.006
Published
2022-03-30
CVE-2022-28205
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-30
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-30
CVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-30
CVE-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-30
CVE-2022-27816
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-03-30
CVE-2020-24769
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved