Security Vulnerabilities - CVEs Published In September 2022
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files.
CVSS Score: 9.8 | EPSS Score: 0.069 | Published: 2022-09-20
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-09-20
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-09-20
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
CVSS Score: 4.1 | EPSS Score: 0.001 | Published: 2022-09-20
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
CVSS Score: 7.9 | EPSS Score: 0.0 | Published: 2022-09-20
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-20
An HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2022-09-20
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.
CVSS Score: 8.8 | EPSS Score: 0.037 | Published: 2022-09-20
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVSS Score: 9.4 | EPSS Score: 0.001 | Published: 2022-09-20
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-20

