Security Vulnerabilities - CVEs Published In September 2022
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The d8s-uuids package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The d8s-dates package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-19
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2022-09-19
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated user, leading to SQL injections.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-09-19
Safe Software FME Server v2021.2.5 and below does not employ server-side validation.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2022-09-19
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2022-09-19

