Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2023
CVE-2023-28400
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
CVSS Score
8.8
EPSS Score
0.051
Published
2023-04-27
CVE-2023-28716
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-27
CVE-2023-1967
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-04-27
CVE-2023-30380
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-04-27
CVE-2022-25091
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-04-27
CVE-2023-25437
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.
CVSS Score
8.8
EPSS Score
0.073
Published
2023-04-27
CVE-2023-29471
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-27
CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
CVSS Score
5.3
EPSS Score
0.931
Published
2023-04-27
CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-27
CVE-2022-37326
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved