Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2024-38417
Information disclosure while processing IO control commands.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-03
CVE-2024-38418
Memory corruption while parsing the memory map info in IOCTL calls.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-02-03
CVE-2024-38404
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-03
CVE-2025-24605
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-02-03
CVE-2025-24559
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-03
CVE-2025-22693
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-02-03
CVE-2024-50500
Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-03
CVE-2024-57522
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
CVSS Score
6.4
EPSS Score
0.009
Published
2025-02-03
CVE-2024-13347
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-02-03
CVE-2025-20640
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved