Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-11-03
CVE-2022-42442
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-11-03
CVE-2022-40131
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-03
CVE-2022-35717
"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-11-03
CVE-2022-36404
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-11-03
CVE-2022-36428
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-03
CVE-2022-38710
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-11-03
CVE-2022-38712
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."
CVSS Score
5.9
EPSS Score
0.001
Published
2022-11-03
CVE-2022-25952
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-03
CVE-2022-30608
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved