Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-1441
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-02-19
CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
CVSS Score
7.8
EPSS Score
0.002
Published
2025-02-18
CVE-2025-25472
A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-02-18
CVE-2025-25474
DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-02-18
CVE-2025-25475
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-18
CVE-2025-27113
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVSS Score
2.9
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57254
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57255
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-02-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved