Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2023-27921
JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-05-23
CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.075
Published
2023-05-23
CVE-2023-27923
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-05-23
CVE-2023-27925
Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score
5.4
EPSS Score
0.007
Published
2023-05-23
CVE-2023-31740
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-05-23
CVE-2023-31741
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-05-23
CVE-2023-31814
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-23
CVE-2023-31826
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-05-23
CVE-2023-31994
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-23
CVE-2023-31995
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.004
Published
2023-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved