Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.
CVSS Score
8.8
EPSS Score
0.027
Published
2025-02-14
CVE-2025-26157
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.
CVSS Score
5.9
EPSS Score
0.008
Published
2025-02-14
CVE-2025-26158
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.
CVSS Score
5.6
EPSS Score
0.005
Published
2025-02-14
CVE-2025-26506
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVSS Score
9.2
EPSS Score
0.021
Published
2025-02-14
CVE-2025-26507
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVSS Score
6.3
EPSS Score
0.025
Published
2025-02-14
CVE-2025-26508
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVSS Score
8.3
EPSS Score
0.021
Published
2025-02-14
CVE-2025-25988
Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-02-14
CVE-2025-25990
Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-02-14
CVE-2025-25991
SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-14
CVE-2025-25992
SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.
CVSS Score
5.1
EPSS Score
0.002
Published
2025-02-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved