Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-1453
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-04-24
CVE-2025-1976
Known exploited
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVSS Score
6.7
EPSS Score
0.007
Published
2025-04-24
CVE-2025-46417
The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-24
CVE-2025-25045
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-04-23
CVE-2025-25046
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-04-23
CVE-2024-22351
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-23
CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-23
CVE-2025-46400
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-23
CVE-2025-46397
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-04-23
CVE-2025-46398
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved