Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2025
CVE-2025-43231
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-24088
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-15
CVE-2025-24197
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-30468
This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-15
CVE-2025-31254
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-15
CVE-2025-31255
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-15
CVE-2025-31268
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
CVE-2025-10483
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Other parameters might be affected as well.
CVSS Score
2.1
EPSS Score
0.0
Published
2025-09-15
CVE-2025-43802
Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-09-15
CVE-2025-56274
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-09-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved