Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-56394
Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-23
CVE-2025-57639
OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
CVSS Score
6.5
EPSS Score
0.094
Published
2025-09-23
CVE-2025-55780
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-23
CVE-2025-4993
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-09-23
CVE-2025-52905
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-09-23
CVE-2025-29084
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-23
CVE-2025-4582
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-09-23
CVE-2025-1255
Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-09-23
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-23
CVE-2025-0672
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may associate the new account with the previously registered FIDO device. This flaw may allow a previously deleted user to authenticate using their FIDO credentials and impersonate the newly created user, resulting in unauthorized access. The vulnerability applies only to deployments that utilize FIDO-based authentication.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved