Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-50401
Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-16
CVE-2025-50398
Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-16
CVE-2025-29231
A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-16
CVE-2025-37164
Known exploited
A remote code execution issue exists in HPE OneView.
CVSS Score
10.0
EPSS Score
0.849
Published
2025-12-16
CVE-2023-53898
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2023-53899
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-16
CVE-2023-53901
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2023-53902
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.
CVSS Score
6.5
EPSS Score
0.008
Published
2025-12-16
CVE-2023-53903
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2023-53894
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-12-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved