Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
CVSS Score
7.2
EPSS Score
0.004
Published
2025-12-17
CVE-2025-66923
A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67285
A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-17
CVE-2025-53398
The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-17
CVE-2025-53919
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-17
CVE-2025-66921
A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67164
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-12-17
CVE-2025-20393
Known exploited
Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.
CVSS Score
10.0
EPSS Score
0.068
Published
2025-12-17
CVE-2025-62190
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpage or crafted link
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved