Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2021
CVE-2021-30177
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-04-07
CVE-2021-20687
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-04-07
CVE-2021-20688
Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-07
CVE-2021-20689
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-07
CVE-2021-20690
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-07
CVE-2021-20691
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-07
CVE-2021-20692
Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives.
CVSS Score
7.1
EPSS Score
0.003
Published
2021-04-07
CVE-2020-11237
Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVSS Score
8.4
EPSS Score
0.0
Published
2021-04-07
CVE-2020-11242
User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
8.4
EPSS Score
0.0
Published
2021-04-07
CVE-2020-11243
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVSS Score
7.5
EPSS Score
0.002
Published
2021-04-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved