Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2023-53894
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-12-16
CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-12-16
CVE-2023-53897
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68164
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
CVE-2025-68166
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68268
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
CVE-2025-68269
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved