Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: * Bypass access control rules * Inject unsafe input into backend logic that trusts request headers * Execute HTTP Request Smuggling attacks under some conditions This issue affects lighttpd1.4.80
CVSS Score
9.1
EPSS Score
0.0
Published
2025-11-03
CVE-2025-8558
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-03
CVE-2025-50363
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
CVE-2025-10280
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).
CVSS Score
7.1
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63449
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63450
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63451
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63452
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
CVSS Score
9.4
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63453
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-03
CVE-2025-63446
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved