Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-10458
Parameters are not validated or sanitized, and are later used in various internal operations.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-09-19
CVE-2025-7403
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-09-19
CVE-2025-10456
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-09-19
CVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-19
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-19
CVE-2025-59715
SMSEagle before 6.11 allows reflected XSS via a username or contact phone number.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-09-19
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-19
CVE-2025-59713
Snipe-IT before 8.1.18 allows unsafe deserialization.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-09-19
CVE-2025-59712
Snipe-IT before 8.1.18 allows XSS.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-09-19
CVE-2025-30755
OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved