Security Vulnerabilities - CVEs Published In March 2025
Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2025-03-06
Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-03-06
Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-03-06
Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-03-06
Out-of-bounds read in applying binary of pdf content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-03-06
Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-03-06
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2025-03-05
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2025-03-05
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2025-03-05
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2025-03-05

