Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-7166
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-07-08
CVE-2025-25270
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-07-08
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24004
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24005
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-25269
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24002
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-08
CVE-2025-24003
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-07-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved