Security Vulnerabilities
Username enumeration via the local user login in Entrinsik Informer v5.10.1 allows a malicious user to enumerate valid accounts by submitting an OTP code and a new password and then comparing the application's responses.
CVSS 2.8 | EPSS 0.0 | Published 2025-12-17
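The Informer entry above is the classic response-difference oracle: the reset endpoint answers differently depending on whether the username exists, so an attacker who never learns the OTP can still confirm accounts. The following added example (not Entrinsik code; the user store, OTP values and messages are hypothetical) models a password-reset handler in its leaky form and a hardened form, plus the attacker-side probe that tells them apart.

```python
"""Username-enumeration oracle in a password-reset flow, with a hardened variant.

Added example, not Entrinsik code: the handlers, user store and messages are
hypothetical and only model the response-difference pattern.
"""
import hmac
import re

# Constructed sample user store: username -> currently valid OTP (hypothetical).
USERS = {"alice": "482913", "bob": "771002"}

# Dummy OTP compared when the user is unknown, so the failure path does the
# same amount of work whether or not the account exists.
DUMMY_OTP = "000000"
GENERIC_FAILURE = (200, "If the code was valid, the password has been updated.")
PASSWORD_RE = re.compile(r"^.{12,}$")


def reset_vulnerable(username: str, otp: str, new_password: str) -> tuple[int, str]:
    """Every failure path answers differently: 404 for an unknown user, 400 or
    403 for a known one. The OTP is never needed to tell the two apart."""
    if username not in USERS:
        return 404, "user not found"
    if not PASSWORD_RE.match(new_password):
        return 400, "password does not meet policy"
    if not hmac.compare_digest(USERS[username], otp):
        return 403, "invalid OTP"
    return 200, "password updated"


def reset_hardened(username: str, otp: str, new_password: str) -> tuple[int, str]:
    """Validate attacker-controlled input before any lookup and collapse every
    failure onto one status and message; only a correct OTP changes the answer."""
    if not PASSWORD_RE.match(new_password):
        return 400, "password does not meet policy"   # independent of username
    expected = USERS.get(username, DUMMY_OTP)
    # Run the comparison first so unknown users cost the same as known ones.
    ok = hmac.compare_digest(expected, otp) and username in USERS
    if ok:
        return 200, "password updated"
    return GENERIC_FAILURE


def enumerate_users(handler, candidates, otp: str = "111111",
                    new_password: str = "correct horse battery staple") -> set[str]:
    """Attacker's view: probe each candidate with a bogus OTP and report the
    names whose response differs from one that certainly does not exist."""
    baseline = handler("no-such-user-9f3a", otp, new_password)
    return {u for u in candidates if handler(u, otp, new_password) != baseline}


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("vulnerable leaks:", enumerate_users(reset_vulnerable, names))
    print("hardened leaks:  ", enumerate_users(reset_hardened, names))
```

Uniform responses close the oracle shown here; a real endpoint also needs rate limiting and OTP lockout, since otherwise the generic failure message only moves the attacker from enumeration to OTP brute force.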
A cross-site scripting (XSS) vulnerability in the Create/Update Item(s) module of Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.
CVSS 7.2 | EPSS 0.001 | Published 2025-12-17
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVSS 9.9 | EPSS 0.001 | Published 2025-12-17
CVE-2025-20393 (Known exploited)
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
CVSS 10.0 | EPSS 0.068 | Published 2025-12-17
In python-jose 3.3.0 (specifically jwe.decrypt), an attacker can cause a denial-of-service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When the server processes this token, decompression consumes significant memory and processing time.
CVSS 5.3 | EPSS 0.001 | Published 2025-12-17
In jose4j before 0.9.5, an attacker can cause a denial-of-service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When the server processes this token, decompression consumes significant memory and processing time.
CVSS 7.5 | EPSS 0.0 | Published 2025-12-17
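The python-jose and jose4j entries above describe the same failure: the decrypted JWE plaintext carries a "zip":"DEF" header and the library inflates it with no bound on the output size, so the attacker chooses the memory cost. The following added example (not python-jose or jose4j code) shows how little ciphertext a decompression bomb needs relative to what it expands to, and a bounded inflate that a caller can apply to the decrypted bytes in place of the unbounded call. It assumes raw DEFLATE as RFC 7516 specifies for "DEF", and a 1 MiB output cap chosen for the demonstration.

```python
"""Bounded inflation for JWE "zip":"DEF" plaintext (added example, not
python-jose or jose4j code)."""
import zlib

# RFC 7516 defines "DEF" as raw DEFLATE (RFC 1951): no zlib header or trailer,
# which in zlib terms is a negative window-bits value.
RAW_DEFLATE_WBITS = -15

# Output cap for the demonstration; a real service sizes this to its largest
# legitimate JWE payload (assumption, not a value from the advisories).
MAX_INFLATED = 1024 * 1024


class DecompressionBombError(ValueError):
    """Inflated output exceeded the caller's limit."""


def deflate(data: bytes) -> bytes:
    """Raw-DEFLATE compress, as a sender does before encrypting with zip=DEF."""
    comp = zlib.compressobj(level=9, wbits=RAW_DEFLATE_WBITS)
    return comp.compress(data) + comp.flush()


def make_compression_bomb(size: int = 16 * 1024 * 1024) -> bytes:
    """Constructed attacker payload: `size` bytes of one repeated value, which
    DEFLATE encodes as back-references and shrinks roughly 1000:1."""
    return deflate(b"\x00" * size)


def inflate_unbounded(data: bytes) -> bytes:
    """The vulnerable pattern: the token alone decides how much memory is used."""
    return zlib.decompress(data, RAW_DEFLATE_WBITS)


def inflate_bounded(data: bytes, max_out: int = MAX_INFLATED,
                    chunk: int = 64 * 1024) -> bytes:
    """Inflate in `chunk`-sized steps and abort once more than `max_out` bytes
    have been produced, so memory stays O(max_out) whatever the ratio."""
    d = zlib.decompressobj(wbits=RAW_DEFLATE_WBITS)
    out = bytearray()
    pending = data
    while not d.eof:
        piece = d.decompress(pending, chunk)   # at most `chunk` bytes per call
        out += piece
        if len(out) > max_out:
            raise DecompressionBombError(
                f"{len(data)} compressed bytes inflated past {max_out} bytes")
        pending = d.unconsumed_tail            # input zlib has not consumed yet
        if not piece and not pending:
            raise ValueError("truncated or corrupt DEFLATE stream")
    return bytes(out)


def is_bomb(data: bytes, max_out: int = MAX_INFLATED) -> bool:
    """True when inflating `data` would exceed `max_out` bytes."""
    try:
        inflate_bounded(data, max_out)
    except DecompressionBombError:
        return True
    return False


if __name__ == "__main__":
    bomb = make_compression_bomb()
    print(f"token payload: {len(bomb)} compressed bytes, is_bomb={is_bomb(bomb)}")
    print(inflate_bounded(deflate(b'{"sub":"alice"}')))
```

The cap has to be enforced while inflating, not after: checking `len(result)` once `zlib.decompress` returns is too late, because the allocation has already happened. A 16 MiB run of zeros compresses to roughly 16 KiB here, so a token small enough to pass any request-size limit still forces the unbounded path to allocate the full 16 MiB.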
Netaxis API Orchestrator (APIO) before 0.19.3 allows server-side template injection (SSTI).
CVSS 9.8 | EPSS 0.001 | Published 2025-12-17
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <= 1.10.0 fail to implement CSRF protection on the Calls widget page, which allows an attacker who lures an authenticated user to a malicious webpage or crafted link to initiate calls and inject messages into channels or direct messages using that user's session.
CVSS 4.3 | EPSS 0.0 | Published 2025-12-17
Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.
CVSS 3.1 | EPSS 0.0 | Published 2025-12-17
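The /error entry above is an open redirect: a redirect parameter is passed to the browser without being checked against what the application actually intends to link to. The following added example (not Mattermost code; the host name and paths are assumed) is a validator that accepts only rooted relative paths or http(s) URLs to an explicit host allowlist, and rejects the usual bypasses: scheme-relative `//host`, backslash variants that browsers read as slashes, `user@host` confusion, embedded control characters and non-http schemes.

```python
"""Redirect-target validation for an error/redirect endpoint (added example,
not Mattermost code; host and paths are hypothetical)."""
import re
from urllib.parse import urlsplit

# Hosts the application is allowed to send a browser to (hypothetical).
ALLOWED_HOSTS = frozenset({"mattermost.example"})

# ASCII control characters, space and DEL: browsers and parsers disagree on
# how to strip them, which is how "java\tscript:" style bypasses work.
_UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f]")


def is_safe_redirect(target: str, allowed_hosts: frozenset = ALLOWED_HOSTS) -> bool:
    """Accept a rooted relative path or an http(s) URL to an allowed host."""
    if not target or _UNSAFE_CHARS.search(target) or "\\" in target:
        return False          # backslash: browsers treat "/\evil" as "//evil"
    try:
        parts = urlsplit(target)
    except ValueError:        # e.g. malformed IPv6 literal
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) to an allowlisted host.
        # hostname drops userinfo, so "https://good@evil" resolves to "evil".
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "").lower() in allowed_hosts
    # Relative URL: exactly one leading slash. "//evil" and "///evil" (which
    # some browsers collapse to "//evil") are scheme-relative and rejected.
    return target.startswith("/") and not target.startswith("//")


def redirect_target(requested: str, fallback: str = "/") -> str:
    """Return `requested` if it passes validation, else an app-controlled path."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    for candidate in ("/channels/town-square", "//evil.example/",
                      "https://mattermost.example@evil.example/", "javascript:alert(1)"):
        print(f"{candidate!r:50} -> {redirect_target(candidate)!r}")
```

Matching on the parsed hostname rather than on a string prefix is the point: `https://mattermost.example.evil.example/` and `https://mattermost.example@evil.example/` both begin with the trusted name and both resolve elsewhere.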
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <= 2.4.0 fail to validate the plugin bot's identity in reaction forwarding, which allows attackers to hijack the GitHub reaction feature and make users add reactions to arbitrary GitHub objects via crafted notification posts.
CVSS 3.0 | EPSS 0.0 | Published 2025-12-17
Shodan ® - All rights reserved