Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-60917
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60638
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60916
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-24
CVE-2025-56401
ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages
CVSS Score
5.3
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-10554
A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-11-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved