Security Vulnerabilities - CVEs Published In March 2022
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2022-03-18
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.
CVSS Score: 7.8; EPSS Score: 0.114; Published: 2022-03-18
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
CVSS Score: 8.3; EPSS Score: 0.008; Published: 2022-03-18
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2022-03-18
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).
CVSS Score: 4.1; EPSS Score: 0.002; Published: 2022-03-18
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2022-03-18
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
CVSS Score: 6.6; EPSS Score: 0.006; Published: 2022-03-18
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2022-03-18
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2022-03-18
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2022-03-18