Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2025
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-05-07
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-05-07
CVE-2025-47538
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-05-07
CVE-2025-47540
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-05-07
CVE-2025-47542
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-07
CVE-2025-47543
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-07
CVE-2025-47517
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-05-07
CVE-2025-29448
Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-07
CVE-2025-2775
Known exploited
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
CVSS Score
9.3
EPSS Score
0.518
Published
2025-05-07
CVE-2025-2776
Known exploited
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVSS Score
9.3
EPSS Score
0.471
Published
2025-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved