Security Vulnerabilities - CVEs Published In March 2022
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function.
CVSS Score
9.1
EPSS Score
0.276
Published
2022-03-24
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVSS Score
7.2
EPSS Score
0.088
Published
2022-03-24
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-24
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-24
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-24
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-03-24
In halo 1.4.14, the avatar upload function accepts any file; uploading an HTML file, for example, will cause a stored XSS vulnerability.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-24
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-24
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-03-24
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.
CVSS Score
6.8
EPSS Score
0.003
Published
2022-03-24

