Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-56379
A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-02
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-02
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-02
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-02
CVE-2025-61735
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-02
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-02
CVE-2023-49881
IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-01
CVE-2023-49883
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-10-01
CVE-2023-50300
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-10-01
CVE-2023-50301
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
1.9
EPSS Score
0.0
Published
2025-10-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved