Security Vulnerabilities
A user with CREATE but no UPDATE privilege for Pools, Connections, and Variables could update existing records via the bulk create API with the overwrite action.
CVSS Score
4.6
EPSS Score
0.001
Published
2025-10-30
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-30
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-10-30
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-10-30
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
CVSS Score
3.8
EPSS Score
0.0
Published
2025-10-30
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-30
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-30
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password, even if account lockout is enabled, via a brute-force attack.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-30