Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-11797
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-11-12
CVE-2025-11795
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-11-12
CVE-2025-64281
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-12
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
CVSS Score
9.1
EPSS Score
0.0
Published
2025-11-12
CVE-2025-63353
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
CVSS Score
9.8
EPSS Score
0.02
Published
2025-11-12
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-12
CVE-2025-11366
N-central < 2025.4 is vulnerable to authentication bypass via path traversal
CVSS Score
9.8
EPSS Score
0.002
Published
2025-11-12
CVE-2025-11367
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
CVSS Score
9.8
EPSS Score
0.009
Published
2025-11-12
CVE-2025-11700
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
CVSS Score
7.5
EPSS Score
0.585
Published
2025-11-12
CVE-2025-63666
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved