Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-04-25
CVE-2025-43861
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-04-24
CVE-2025-25777
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-04-24
CVE-2023-37516
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-24
CVE-2024-30127
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-24
CVE-2022-44759
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-04-24
CVE-2022-44760
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
CVSS Score
4.6
EPSS Score
0.001
Published
2025-04-24
CVE-2024-30114
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-04-24
CVE-2024-30147
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-24
CVE-2025-31324
Known exploited
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
CVSS Score
10.0
EPSS Score
0.347
Published
2025-04-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved