Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-65000
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18
CVE-2025-40602
Known exploited
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVSS Score
6.6
EPSS Score
0.003
Published
2025-12-18
CVE-2025-64997
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
CVE-2025-14874
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64258
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-18
CVE-2025-64217
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-12-18
CVE-2025-60089
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
CVE-2025-60090
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
CVE-2025-60091
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
CVE-2025-60174
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved