Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-64094
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-10-28
CVE-2025-64095
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
CVSS Score
10.0
EPSS Score
0.195
Published
2025-10-28
CVE-2025-62801
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-28
CVE-2025-62800
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-28
CVE-2025-12423
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-12424
Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-12425
Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS Score
7.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-60800
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-28
CVE-2025-12422
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-54604
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved