Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-27435
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-04-04
CVE-2022-27436
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.
CVSS Score
4.8
EPSS Score
0.005
Published
2022-04-04
CVE-2022-28062
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-04
CVE-2022-28063
Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.
CVSS Score
4.9
EPSS Score
0.004
Published
2022-04-04
CVE-2021-36775
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-04-04
CVE-2021-36776
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-04-04
CVE-2021-44138
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
CVSS Score
7.5
EPSS Score
0.816
Published
2022-04-04
CVE-2022-26616
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.
CVSS Score
6.1
EPSS Score
0.01
Published
2022-04-04
CVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-04-04
CVE-2022-1223
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-04-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved