Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2025
CVE-2025-29359
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-13
CVE-2025-29360
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-13
CVE-2025-29361
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-13
CVE-2025-29362
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-13
CVE-2024-57348
Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters.
CVSS Score
6.1
EPSS Score
0.006
Published
2025-03-13
CVE-2024-28803
Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2025-03-13
CVE-2024-22880
Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component.
CVSS Score
4.7
EPSS Score
0.003
Published
2025-03-13
CVE-2025-2277
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-13
CVE-2025-2278
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-03-13
CVE-2025-2280
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-03-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved