Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2025
CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
CVSS Score
9.8
EPSS Score
0.053
Published
2025-05-13
CVE-2025-28055
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit
CVSS Score
7.5
EPSS Score
0.002
Published
2025-05-13
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
CVSS Score
10.0
EPSS Score
0.821
Published
2025-05-13
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS Score
8.6
EPSS Score
0.78
Published
2025-05-13
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-13
CVE-2025-45859
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-13
CVE-2025-45864
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-13
CVE-2025-45866
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
CVE-2025-45867
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-13
CVE-2025-32756
Known exploited
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
CVSS Score
9.8
EPSS Score
0.331
Published
2025-05-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved