Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-65675
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-26
CVE-2025-65676
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-26
CVE-2025-65669
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-11-26
CVE-2025-65672
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
CVE-2025-26155
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26
CVE-2025-2486
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
CVE-2025-55469
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26
CVE-2025-55471
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved