Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-09
CVE-2025-11550
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-09
CVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-09
CVE-2025-60304
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-09
CVE-2025-11371
Known exploited
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
CVSS Score
7.5
EPSS Score
0.431
Published
2025-10-09
CVE-2025-11549
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-10-09
CVE-2025-61577
D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-09
CVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-09
CVE-2025-60302
code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-09
CVE-2025-56426
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved