Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-6110
A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-16
CVE-2025-48914
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-13
CVE-2025-48915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-13
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13
CVE-2025-28380
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-13
CVE-2025-28381
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-06-13
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
9.1
EPSS Score
0.006
Published
2025-06-13
CVE-2025-28386
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-13
CVE-2025-28388
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved