Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2023-33509
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-05-31
CVE-2023-33736
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-31
CVE-2023-3009
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVSS Score
8.1
EPSS Score
0.015
Published
2023-05-31
CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-05-31
CVE-2023-33486
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-31
CVE-2023-33487
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-31
CVE-2023-33507
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-31
CVE-2023-33508
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).
CVSS Score
9.8
EPSS Score
0.02
Published
2023-05-31
CVE-2023-30285
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-31
CVE-2023-3007
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved