Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2023-31701
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-05-17
CVE-2023-31722
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-17
CVE-2023-2679
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
CVSS Score
4.1
EPSS Score
0.001
Published
2023-05-17
CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.
CVSS Score
9.3
EPSS Score
0.0
Published
2023-05-17
CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVSS Score
5.4
EPSS Score
0.004
Published
2023-05-17
CVE-2023-31699
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-05-17
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
CVSS Score
7.2
EPSS Score
0.016
Published
2023-05-17
CVE-2023-31703
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
CVSS Score
9.0
EPSS Score
0.013
Published
2023-05-17
CVE-2023-31902
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
CVSS Score
9.8
EPSS Score
0.079
Published
2023-05-17
CVE-2023-31903
GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.
CVSS Score
9.8
EPSS Score
0.043
Published
2023-05-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved