Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
CVSS Score
7.7
EPSS Score
0.001
Published
2022-04-05
CVE-2021-33207
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVSS Score
9.8
EPSS Score
0.028
Published
2022-04-05
CVE-2021-45891
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-05
CVE-2021-45892
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-04-05
CVE-2021-45893
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-04-05
CVE-2022-24231
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-04-05
CVE-2022-25356
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.
CVSS Score
5.3
EPSS Score
0.729
Published
2022-04-05
CVE-2022-26281
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-05
CVE-2022-26615
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-05
CVE-2021-42324
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-04-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved