Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.
CVSS Score
8.1
EPSS Score
0.004
Published
2025-02-28
CVE-2024-36047
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-27
CVE-2024-37566
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-27
CVE-2024-37567
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
CVSS Score
9.1
EPSS Score
0.003
Published
2025-02-27
CVE-2024-36046
Infoblox NIOS through 8.6.4 executes with more privileges than required.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-27
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-27
CVE-2024-38290
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-02-27
CVE-2024-38291
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-02-27
CVE-2024-38292
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-02-27
CVE-2024-51138
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.
CVSS Score
9.8
EPSS Score
0.011
Published
2025-02-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved