Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2025-21385
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
CVSS Score
8.8
EPSS Score
0.486
Published
2025-01-09
CVE-2024-13312
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-09
CVE-2024-55224
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.
CVSS Score
9.6
EPSS Score
0.004
Published
2025-01-09
CVE-2024-55225
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-01-09
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-09
CVE-2024-13301
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-09
CVE-2024-13302
Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-09
CVE-2024-13303
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-09
CVE-2024-13304
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.
CVSS Score
4.5
EPSS Score
0.0
Published
2025-01-09
CVE-2024-13305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved