Security Vulnerabilities
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-28
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-10-28
Protocol manipulation might lead to denial of service. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
Privilege Escalation through SUID-bit Binary. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
Local Privilege Escalation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-28
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-10-28
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28


Shodan ® - All rights reserved