Security Vulnerabilities
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request to the result read function of the diagnostic component.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2025-12-26
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVSS Score: 6.5, EPSS Score: 0.001, Published: 2025-12-26
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
CVSS Score: 9.8, EPSS Score: 0.0, Published: 2025-12-26
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2025-12-26
The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
CVSS Score: 6.5, EPSS Score: 0.0, Published: 2025-12-26
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2025-12-26
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.
CVSS Score: 7.5, EPSS Score: 0.0, Published: 2025-12-26
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2025-12-26
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2025-12-26
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
CVSS Score: 7.7, EPSS Score: 0.0, Published: 2025-12-26

