Security Vulnerabilities - CVEs Published In May 2022
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
CVSS Score: 5.7
EPSS Score: 0.002
Published: 2022-05-24

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-05-24

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2022-05-24

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-05-24

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-05-24

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2022-05-24

radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2022-05-24

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2022-05-24

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2022-05-24

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-05-24
Shodan ® - All rights reserved