Security Vulnerabilities - CVEs Published In June 2022
A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-06-13
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints and to conduct SSRF attacks that could compromise the system's availability by causing the system to crash.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-06-13
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
CVSS Score: 4.7 | EPSS Score: 0.558 | Published: 2022-06-13
The attacker crafts a GET request to: /mobile/downloadfile.aspx?Filename=../../windows/boot.ini. The LFI is unauthenticated.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-06-13
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2022-06-13
The attacker needs to craft a SQL payload. The vulnerable parameter is "agentid"; the attacker must be authenticated to the admin panel.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2022-06-13
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-06-13
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-06-13
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-06-13
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, `kctf cluster set-src-ip-ranges` was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-06-13