Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2022
CVE-2022-2890
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS Score
9.0
EPSS Score
0.001
Published
2022-08-22
CVE-2022-2932
Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-22
CVE-2022-1340
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS Score
7.0
EPSS Score
0.001
Published
2022-08-22
CVE-2022-2930
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-08-22
CVE-2022-2927
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-08-22
CVE-2022-2841
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.40.15409, 6.42.15611 and 6.44.15807 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-206880.
CVSS Score
2.7
EPSS Score
0.012
Published
2022-08-22
CVE-2022-36198
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-22
CVE-2022-36251
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-22
CVE-2022-34916
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-08-21
CVE-2022-2885
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved