Security Vulnerabilities - CVEs Published In April 2023
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
CVSS Score: 5.4 | EPSS Score: 0.012 | Published: 2023-04-19
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2023-04-19
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2023-04-19
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-04-19
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2023-04-19
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-04-19
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
CVSS Score: 2.9 | EPSS Score: 0.001 | Published: 2023-04-19
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2023-04-19
Unprotected Alternate Channel vulnerability in the debug console of GateManager allows a system administrator to obtain sensitive information.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2023-04-19
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects SUSE kubewarden kubewarden-controller versions prior to 1.6.0.
CVSS Score: 8.0 | EPSS Score: 0.001 | Published: 2023-04-19

