Security Vulnerabilities - CVEs Published In January 2025
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to crash the webapp by creating and sending such a post to a channel.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2025-01-16
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-01-16
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile app via crafted malicious input.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-01-16
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2025-01-16
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2025-01-16
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2025-01-16
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 4.6
EPSS Score: 0.001
Published: 2025-01-16
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2025-01-16
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2025-01-16
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2025-01-16

