Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-12424
Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-12425
Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-28
CVE-2025-60800
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-28
CVE-2025-12422
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-54604
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-54605
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-61104
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-61106
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-61107
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
CVE-2025-34317
IPFire versions prior to 2.29 (Core Update 198) containĀ a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HTTP POST request to /cgi-bin/dns.cgi and the TLS hostname is provided in the TLS_HOSTNAME parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected DNS configuration.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved