Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-48914
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-13
CVE-2025-48915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-06-13
CVE-2025-28389
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13
CVE-2025-28380
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-13
CVE-2025-28381
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-06-13
CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
CVSS Score
9.1
EPSS Score
0.006
Published
2025-06-13
CVE-2025-28388
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-13
CVE-2025-46060
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
CVSS Score
9.8
EPSS Score
0.005
Published
2025-06-13
CVE-2025-49081
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-06-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved