Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-55605
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
CVE-2025-55606
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
CVE-2025-55611
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
CVE-2025-51605
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-08-22
CVE-2025-50674
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-22
CVE-2025-33120
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-22
CVE-2025-36042
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-22
CVE-2025-55573
QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-22
CVE-2025-9255
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
CVE-2025-9256
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved