Security Vulnerabilities - CVEs Published In April 2025
Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
CVSS Score: 6.4
EPSS Score: 0.0
Published: 2025-04-21
Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input.
CVSS Score: 9.1
EPSS Score: 0.001
Published: 2025-04-21
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.
CVSS Score: 8.1
EPSS Score: 0.001
Published: 2025-04-21
The quarantine-restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows a user to restore a malicious file to an arbitrary file path. Attackers can write a malicious DLL to a system path and escalate privileges by leveraging Windows DLL hijacking vulnerabilities.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2025-04-21
opencms V2.3 is vulnerable to arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2025-04-21
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2025-04-21
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2025-04-21
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
CVSS Score: 6.5
EPSS Score: 0.054
Published: 2025-04-21
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2025-04-21
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2025-04-21
Shodan ® - All rights reserved