Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-21
CVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-21
CVE-2025-61181
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
CVE-2025-61194
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
CVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-21
CVE-2025-6239
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
CVE-2025-10020
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVSS Score
8.5
EPSS Score
0.009
Published
2025-10-21
CVE-2025-9428
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVSS Score
8.3
EPSS Score
0.002
Published
2025-10-21
CVE-2025-7473
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-10-21
CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-10-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved