Security Vulnerabilities - CVEs Published In October 2022
mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-10-03
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-03
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio, enabling a remote attacker to create a new account and then exploit the SSRF.
CVSS Score
6.5
EPSS Score
0.02
Published
2022-10-03
DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-03
CVE-2022-41040
Known exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS Score
8.8
EPSS Score
0.942
Published
2022-10-03
CVE-2022-41082
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
8.0
EPSS Score
0.918
Published
2022-10-03
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-10-02
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-02
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-10-01

