Broadcom: Security Vulnerabilities
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2025-06-04
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2025-06-04
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2025-06-04
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2025-05-29
The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows logging into a PostgreSQL database as the repmgr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
CVSS Score: 9.4 | EPSS Score: 0.003 | Published: 2025-05-13
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2025-04-30
CVE-2025-1976
Known exploited
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVSS Score: 8.6 | EPSS Score: 0.008 | Published: 2025-04-24
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
CVSS Score: 7.6 | EPSS Score: 0.001 | Published: 2025-02-28
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read the Brocade SANnav data stream as it travels across the network; the stream includes monitored Brocade Fabric OS switches' performance data, port status, zoning information, WWNs, and IP addresses, but no customer data, no personal data and no secrets or passwords.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2025-02-15
Brocade SANnav OVA before SANnav 2.3.1b enables the deprecated SHA1 setting for SSH on port 22.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2025-02-15

