Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-32982
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-04-25
CVE-2025-32983
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-04-25
CVE-2025-32984
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-04-25
CVE-2025-32985
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-25
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-25
CVE-2025-32979
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-25
CVE-2025-28128
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request.
CVSS Score
7.0
EPSS Score
0.003
Published
2025-04-25
CVE-2025-3935
Known exploited
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.  It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.  The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior.  This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.
CVSS Score
8.1
EPSS Score
0.155
Published
2025-04-25
CVE-2024-30152
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-25
CVE-2025-25775
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved