Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-46382
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-04
CVE-2023-46963
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-11-04
CVE-2023-40922
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-04
CVE-2023-46380
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-04
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-11-04
CVE-2023-32741
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-11-04
CVE-2023-35910
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-04
CVE-2023-38391
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-11-04
CVE-2023-40215
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-11-04
CVE-2023-36677
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved