Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-41336
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41337
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41338
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41339
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41340
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41113
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41114
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41111
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarComentariosByDenuncia.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-41112
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-04
CVE-2025-12493
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved