Security Vulnerabilities - CVEs Published In September 2022
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks.
CVSS Score: 9.8 | EPSS Score: 0.194 | Published: 2022-09-19
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-09-19
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2022-09-19
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-09-18
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-09-18
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-09-18
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
CVSS Score: 7.5 | EPSS Score: 0.014 | Published: 2022-09-18
The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
CVSS Score: 4.6 | EPSS Score: 0.002 | Published: 2022-09-18
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-09-18
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-18

