Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-22973
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25662
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25663
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25664
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25667
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25668
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25674
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25675
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-20
CVE-2025-25676
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-20
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-02-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved