Security Vulnerabilities - CVEs Published In May 2023
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-05-22
In Eclipse OpenJ9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds), the size of a string is not properly checked against the size of the buffer.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-05-22
Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability, leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2023-05-22
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-05-22
SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-22

