Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2025-23209
Known exploited
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.
CVSS Score
8.0
EPSS Score
0.047
Published
2025-01-18
CVE-2024-57727
Known exploited
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS Score
7.5
EPSS Score
0.938
Published
2025-01-15
CVE-2025-21333
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.729
Published
2025-01-14
CVE-2025-21334
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.041
Published
2025-01-14
CVE-2025-21335
Known exploited
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.055
Published
2025-01-14
CVE-2024-13159
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
9.8
EPSS Score
0.939
Published
2025-01-14
CVE-2024-13160
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
9.8
EPSS Score
0.919
Published
2025-01-14
CVE-2024-13161
Known exploited
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
9.8
EPSS Score
0.896
Published
2025-01-14
CVE-2024-55591
Known exploited
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVSS Score
9.8
EPSS Score
0.942
Published
2025-01-14
CVE-2024-53704
Known exploited
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS Score
9.8
EPSS Score
0.938
Published
2025-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved