Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2025-23061
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
CVSS Score
9.0
EPSS Score
0.648
Published
2025-01-15
CVE-2025-21101
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-01-15
CVE-2025-22996
A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-01-15
CVE-2025-22997
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-01-15
CVE-2024-57763
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57764
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57765
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57766
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57767
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
CVSS Score
8.6
EPSS Score
0.002
Published
2025-01-15
CVE-2024-57757
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved