Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-55471
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-26
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65237
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-26
CVE-2025-63938
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-26
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-26
CVE-2025-46175
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
CVE-2025-50402
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved