Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-48074
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-01
CVE-2025-51501
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-08-01
CVE-2025-51502
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-08-01
CVE-2025-51504
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-08-01
CVE-2025-44139
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
CVSS Score
7.2
EPSS Score
0.001
Published
2025-08-01
CVE-2025-52327
SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-01
CVE-2025-41374
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-01
CVE-2025-41371
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb_v4/integra/html/view/acceso.php
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-01
CVE-2025-41372
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-01
CVE-2025-41373
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved