Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-65408
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65403
A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65404
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65405
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63534
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victim's browser when the page is viewed.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63535
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
CVSS Score
9.6
EPSS Score
0.001
Published
2025-12-01
CVE-2025-64775
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-01
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-01
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63095
Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved