Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2021-46897
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-22
CVE-2021-46898
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-10-22
CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-10-22
CVE-2023-46300
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-22
CVE-2023-46301
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-22
CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-10-22
CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-10-22
CVE-2023-38735
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.
CVSS Score
5.7
EPSS Score
0.0
Published
2023-10-22
CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-10-22
CVE-2023-46078
Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved