Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60917
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60638
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60916
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-24
CVE-2025-56401
ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-11-24
CVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages
CVSS Score
5.3
EPSS Score
0.001
Published
2025-11-24
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved