Security Vulnerabilities - CVEs Published In March 2023
SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-03-08
A vertical authorization vulnerability exists in IndexController.java in feiqu-opensource Background. Demo users with low permissions can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2023-03-08
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2023-03-08
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
CVSS Score: 5.1
EPSS Score: 0.002
Published: 2023-03-08
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
CVSS Score: 9.8
EPSS Score: 0.052
Published: 2023-03-08
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-03-08
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-03-08
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2023-03-08
A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
CVSS Score: 5.0
EPSS Score: 0.503
Published: 2023-03-08
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2023-03-08

