Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2025
CVE-2024-44662
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
CVE-2024-44663
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
CVE-2024-46335
PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-17
CVE-2024-44654
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
CVE-2024-44655
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-17
CVE-2024-44658
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
CVE-2025-64756
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-17
CVE-2025-55055
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS Score
6.8
EPSS Score
0.001
Published
2025-11-17
CVE-2025-55056
Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVSS Score
4.8
EPSS Score
0.0
Published
2025-11-17
CVE-2025-55057
Multiple CWE-352 Cross-Site Request Forgery (CSRF)
CVSS Score
4.5
EPSS Score
0.0
Published
2025-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved