Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-63951
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, causing the application to process them and leading to errors or a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-12-18
CVE-2025-63947
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
CVE-2025-63948
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
CVE-2025-63949
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-12-18
CVE-2025-63950
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-12-18
CVE-2025-46268
Advantech WebAccess/SCADA  is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-12-18
CVE-2025-14848
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-12-18
CVE-2025-14849
Advantech WebAccess/SCADA  is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-18
CVE-2025-14850
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
CVSS Score
8.1
EPSS Score
0.002
Published
2025-12-18
CVE-2025-67163
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved