Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-45854
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-06-03
CVE-2025-23103
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-03
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-03
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-03
CVE-2025-43925
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-06-03
CVE-2025-5502
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.016
Published
2025-06-03
CVE-2025-46154
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-06-03
CVE-2025-21479
Known exploited
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVSS Score
8.6
EPSS Score
0.034
Published
2025-06-03
CVE-2025-27038
Known exploited
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVSS Score
7.5
EPSS Score
0.037
Published
2025-06-03
CVE-2025-31710
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-06-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved