Security Vulnerabilities - CVEs Published In April 2025
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
CVSS Score: 2.9 | EPSS Score: 0.0 | Published: 2025-04-21
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
CVSS Score: 2.9 | EPSS Score: 0.001 | Published: 2025-04-21
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVSS Score: 2.9 | EPSS Score: 0.0 | Published: 2025-04-21
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVSS Score: 2.9 | EPSS Score: 0.001 | Published: 2025-04-21
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
CVSS Score: 2.9 | EPSS Score: 0.0 | Published: 2025-04-21
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-04-20
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2025-04-20
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
CVSS Score: 2.2 | EPSS Score: 0.0 | Published: 2025-04-20
QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is set.
CVSS Score: 4.9 | EPSS Score: 0.0 | Published: 2025-04-20
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2025-04-20