Security Vulnerabilities - CVEs Published In April 2022
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.
CVSS Score: 4.9
EPSS Score: 0.003
Published: 2022-04-28
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVSS Score: 9.1
EPSS Score: 0.005
Published: 2022-04-28
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
CVSS Score: 5.4
EPSS Score: 0.007
Published: 2022-04-28
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.
CVSS Score: 9.0
EPSS Score: 0.005
Published: 2022-04-28
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-04-28
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2022-04-28
Lexmark products through 2022-02-10 have Incorrect Access Control.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-04-28
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2022-04-28
NoMachine for Windows versions prior to 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
CVSS Score: 7.3
EPSS Score: 0.0
Published: 2022-04-28
In JetBrains IntelliJ IDEA before 2022.1, notification mechanisms about using Unicode directionality formatting characters were insufficient.
CVSS Score: 2.3
EPSS Score: 0.0
Published: 2022-04-28



Shodan ® - All rights reserved