Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-54966
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-23
CVE-2025-60837
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
CVE-2025-60859
Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50950
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50949
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56008
Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56009
Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved