Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60917
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60638
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60916
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-24
CVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages
CVSS Score
5.3
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-24
CVE-2025-12969
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved