Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-35071
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-27
CVE-2023-35074
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-09-27
CVE-2023-35793
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-27
CVE-2023-35984
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-27
CVE-2023-35990
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-09-27
CVE-2023-30471
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-09-27
CVE-2023-30472
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-09-27
CVE-2023-30493
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-09-27
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
CVSS Score
4.1
EPSS Score
0.002
Published
2023-09-27
CVE-2023-2315
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
CVSS Score
8.1
EPSS Score
0.003
Published
2023-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved