Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2025
CVE-2025-24577
Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-17
CVE-2024-55238
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-04-17
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-04-17
CVE-2025-29046
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value
CVSS Score
9.8
EPSS Score
0.011
Published
2025-04-17
CVE-2025-29047
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser
CVSS Score
9.8
EPSS Score
0.011
Published
2025-04-17
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-17
CVE-2025-29040
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c
CVSS Score
9.8
EPSS Score
0.028
Published
2025-04-17
CVE-2025-29041
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c
CVSS Score
9.8
EPSS Score
0.028
Published
2025-04-17
CVE-2025-29044
Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value
CVSS Score
9.8
EPSS Score
0.011
Published
2025-04-17
CVE-2025-29045
Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value
CVSS Score
9.8
EPSS Score
0.011
Published
2025-04-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved