Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-29822
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVSS Score
7.8
EPSS Score
0.008
Published
2025-04-08
CVE-2025-29823
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.006
Published
2025-04-08
CVE-2025-29824
Known exploited
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2025-04-08
CVE-2025-32035
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
CVSS Score
2.6
EPSS Score
0.001
Published
2025-04-08
CVE-2025-32036
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.
CVSS Score
4.2
EPSS Score
0.002
Published
2025-04-08
CVE-2025-29812
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.006
Published
2025-04-08
CVE-2025-29816
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-08
CVE-2025-29819
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CVSS Score
6.2
EPSS Score
0.014
Published
2025-04-08
CVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.006
Published
2025-04-08
CVE-2025-29821
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.008
Published
2025-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved