Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2025
CVE-2025-51511
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-23
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-12-23
CVE-2025-65713
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-23
CVE-2025-33222
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-23
CVE-2025-33223
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-23
CVE-2025-33224
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-23
CVE-2024-57521
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
CVSS Score
10.0
EPSS Score
0.003
Published
2025-12-23
CVE-2025-29228
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-12-23
CVE-2025-29229
linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-12-23
CVE-2025-67109
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved