Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-28121
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.003
Published
2025-04-21
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-21
CVE-2024-42699
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-21
CVE-2024-41446
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-04-21
CVE-2025-25228
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
CVSS Score
3.8
EPSS Score
0.0
Published
2025-04-21
CVE-2025-43970
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-21
CVE-2025-43971
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-04-21
CVE-2025-43972
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-04-21
CVE-2025-43973
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-04-21
CVE-2025-43962
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-04-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved