Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-26
CVE-2022-29686
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-26
CVE-2021-34360
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
CVSS Score
5.3
EPSS Score
0.001
Published
2022-05-26
CVE-2021-4231
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
CVSS Score
3.5
EPSS Score
0.015
Published
2022-05-26
CVE-2021-40317
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-26
CVE-2022-29720
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-26
CVE-2022-29721
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-26
CVE-2021-42859
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-26
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-26
CVE-2021-42692
There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-05-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved