Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2025
CVE-2025-20955
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20958
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20959
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20937
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-05-07
CVE-2025-0667
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-07
CVE-2025-0668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-07
CVE-2025-0669
Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-07
CVE-2024-12120
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-07
CVE-2025-0666
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved