Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-59832
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-09-25
CVE-2025-59838
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-25
CVE-2025-59830
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-46148
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
CVE-2025-46149
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
CVE-2025-46152
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
CVE-2025-46153
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-25
CVE-2025-55551
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-40836
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-09-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved