Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2024-57579
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-16
CVE-2024-57580
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57581
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-16
CVE-2024-57582
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-16
CVE-2024-57583
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
CVSS Score
9.8
EPSS Score
0.022
Published
2025-01-16
CVE-2024-57575
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-01-16
CVE-2024-57577
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVSS Score
5.7
EPSS Score
0.002
Published
2025-01-16
CVE-2024-57578
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-01-16
CVE-2025-23639
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through <= 3.0.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-01-16
CVE-2024-56136
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-01-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved