Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-58044
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65838
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63317
Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-01
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-01
CVE-2025-51683
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
CVSS Score
9.8
EPSS Score
0.002
Published
2025-12-01
CVE-2025-12756
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65406
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved