Security Vulnerabilities - CVEs Published In May 2022
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21 could allow an authenticated attacker to bypass the second authentication phase and connect to the IPsec VPN server even though two-factor authentication (2FA) was enabled.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2022-05-24

imgurl v2.31 was discovered to contain a blind SQL injection vulnerability via /upload/localhost.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2022-05-24

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-05-24

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-05-24

XAMPP for Windows v8.1.4 and below was discovered to contain insecure permissions on its install directory, allowing attackers to execute arbitrary code by overwriting binaries located in the directory.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2022-05-23

In Simple Food Website 1.0, a moderator can put a Cross-Site Scripting payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php, such as Full Username. This causes stored XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-05-23

Insecure permissions on the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code by overwriting the binary devcpp.exe.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2022-05-23

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-05-23

Inout Blockchain AltExchanger 1.2.1 allows SQL injection via the inoutio_language cookie on index.php/home/about.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-05-23

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to obtain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI, an attacker can access assets managed by the SRA installation and could compromise the installation.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-05-23
Shodan ® - All rights reserved