Security Vulnerabilities - CVEs Published In May 2022
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-05-18
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
CVSS Score: 8.3 | EPSS Score: 0.011 | Published: 2022-05-18
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external link within the page, the password-set token/signup token is leaked in the Referer header. Using these tokens, the attacker can access the user's account.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-05-18
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection, where an attacker can inject malicious code inside the first name and last name fields while inviting a new user, which is then reflected in the invitation e-mail.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-05-18
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access the folders folder_view.php and category_view.php.
CVSS Score: 7.5 | EPSS Score: 0.927 | Published: 2022-05-18
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVSS Score: 9.8 | EPSS Score: 0.284 | Published: 2022-05-18
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-05-18
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
CVSS Score: 8.1 | EPSS Score: 0.022 | Published: 2022-05-18
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-05-18
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-05-18
Shodan ® - All rights reserved