Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2021-35283
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-07-07
CVE-2021-41042
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-07-07
CVE-2022-33680
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
8.3
EPSS Score
0.012
Published
2022-07-07
CVE-2022-32054
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.
CVSS Score
9.8
EPSS Score
0.11
Published
2022-07-07
CVE-2022-32055
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-07
CVE-2022-32056
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-07-07
CVE-2022-32058
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-07
CVE-2022-32449
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
CVSS Score
9.8
EPSS Score
0.133
Published
2022-07-07
CVE-2022-33098
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-07-07
CVE-2022-34592
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.18
Published
2022-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved