Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-22415
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-05-05
CVE-2022-22433
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-05-05
CVE-2022-22434
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.
CVSS Score
4.2
EPSS Score
0.0
Published
2022-05-05
CVE-2022-1516
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-05
CVE-2022-1464
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
CVSS Score
7.3
EPSS Score
0.002
Published
2022-05-05
CVE-2021-42183
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.
CVSS Score
7.5
EPSS Score
0.446
Published
2022-05-05
CVE-2021-42242
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-05-05
CVE-2022-28461
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-05
CVE-2022-28462
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-05
CVE-2022-28471
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved