Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
Infoblox NIOS through 8.6.4 executes with more privileges than required.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-27
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-27
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-27
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-27
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-27
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-02-27
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-27
GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-27
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-27
A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-27


Contact Us

Shodan ® - All rights reserved