Security Vulnerabilities - CVEs Published In August 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2022-08-29

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVSS Score: 7.8, EPSS Score: 0.002, Published: 2022-08-29

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2022-08-29

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2022-08-29

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2022-08-29

NVFLARE, versions prior to 2.1.4, contains a vulnerability in which deserialization of untrusted data due to Pickle usage may allow an unprivileged network attacker to cause remote code execution, denial of service, and impact to both confidentiality and integrity.
CVSS Score: 9.8, EPSS Score: 0.2, Published: 2022-08-29

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.
CVSS Score: 9.8, EPSS Score: 0.137, Published: 2022-08-29

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.
CVSS Score: 6.1, EPSS Score: 0.001, Published: 2022-08-29

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVSS Score: 7.8, EPSS Score: 0.0, Published: 2022-08-29

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVSS Score: 7.8, EPSS Score: 0.0, Published: 2022-08-29