Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-12756
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-12-01
CVE-2025-13836
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-01
CVE-2025-65406
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65408
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65403
A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65404
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-65405
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-01
CVE-2025-63534
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victim's browser when the page is viewed.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-12-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved