Security Vulnerabilities
IBM Transformation Extender Advanced 10.0.1 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-10-01
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-10-01
Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-01
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
1.9
EPSS Score
0.0
Published
2025-10-01
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
CVSS Score
9.8
EPSS Score
0.058
Published
2025-10-01
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.
CVSS Score
9.8
EPSS Score
0.058
Published
2025-10-01
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-01
In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query via the txt parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01


Shodan ® - All rights reserved