Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-62402
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-10-30
CVE-2025-62503
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
CVSS Score
4.6
EPSS Score
0.001
Published
2025-10-30
CVE-2025-9954
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-30
CVE-2025-10928
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-10-30
CVE-2025-10929
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-10-30
CVE-2025-10930
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-30
CVE-2025-10931
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
CVSS Score
3.8
EPSS Score
0.0
Published
2025-10-30
CVE-2025-12082
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-30
CVE-2025-12083
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-30
CVE-2025-12466
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved