Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2025
CVE-2025-68383
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
CVE-2025-68384
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
CVE-2025-68388
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64677
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65037
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65041
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65046
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
3.1
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64663
Custom Question Answering Elevation of Privilege Vulnerability
CVSS Score
9.9
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64676
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-18
CVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved