Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via a crafted c_id parameter in bbs/view_comment.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-23
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CRLF injection in KeeneticOS before 4.3 at the "/auth" API endpoint allows attackers to take over the device by adding additional users with full permissions, by getting the victim to open a page containing the exploit.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
Cross-site scripting (XSS) vulnerability in KeeneticOS before 4.3 at the "Wireless ISP" page allows attackers located near the router to take over the device by adding additional users with full permissions.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
Cross-site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at the "/rci" API endpoint allows attackers to take over the device by adding additional users with full permissions, by getting the victim to open a page containing the exploit.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-23
Vilar VS-IPC1002 IP cameras are vulnerable to reflected XSS (cross-site scripting) attacks because parameters in GET requests sent to the /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged-in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested; other versions might be vulnerable as well.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23

