Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2024-42200
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-04-15
CVE-2024-50960
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.
CVSS Score
7.2
EPSS Score
0.043
Published
2025-04-15
CVE-2024-42189
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
CVSS Score
5.6
EPSS Score
0.002
Published
2025-04-15
CVE-2025-29817
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVSS Score
5.7
EPSS Score
0.011
Published
2025-04-15
CVE-2025-28198
A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-04-15
CVE-2025-24948
In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-15
CVE-2025-24949
In JotUrl 2.0, is possible to bypass security requirements during the password change process.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-15
CVE-2020-18243
SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-04-15
CVE-2025-32947
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-15
CVE-2025-32948
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved