Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-20
CVE-2025-8048
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-20
CVE-2025-8049
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-10-20
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.  The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-20
CVE-2025-8052
SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-20
CVE-2025-8053
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-10-20
CVE-2025-55086
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-20
CVE-2025-47900
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-10-20
CVE-2025-47901
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-10-20
CVE-2025-47902
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved