Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-29
CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-29
CVE-2025-63649
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-29
CVE-2025-63650
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2026-01-29
CVE-2025-63651
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2026-01-29
CVE-2025-63652
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2026-01-29
CVE-2025-63653
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2026-01-29
CVE-2025-63655
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS Score
7.5
EPSS Score
0.009
Published
2026-01-29
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the uploaded file URL.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-01-29
CVE-2026-1457
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved