Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-28488
The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-04
CVE-2022-28512
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-04
CVE-2022-28552
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-04
CVE-2022-28099
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-05-04
CVE-2022-28508
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVSS Score
6.1
EPSS Score
0.015
Published
2022-05-04
CVE-2022-25778
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.
CVSS Score
4.2
EPSS Score
0.002
Published
2022-05-04
CVE-2022-25779
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-05-04
CVE-2022-25780
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-05-04
CVE-2022-25781
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
CVSS Score
4.2
EPSS Score
0.006
Published
2022-05-04
CVE-2022-25782
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved