Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
CVE-2022-35725
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-09-09
CVE-2022-36280
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVSS Score
6.3
EPSS Score
0.0
Published
2022-09-09
CVE-2022-36356
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-09-09
CVE-2022-36376
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
CVSS Score
6.8
EPSS Score
0.006
Published
2022-09-09
CVE-2022-36422
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-09
CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-09-09
CVE-2022-36793
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-09-09
CVE-2022-36841
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-09-09
CVE-2022-36842
A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-09-09
CVE-2022-26390
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
CVSS Score
4.2
EPSS Score
0.001
Published
2022-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved