Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-7430
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
CVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
CVE-2025-7633
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
CVE-2017-20210
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-11
CVE-2025-7429
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
CVE-2025-8108
An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-11-11
CVE-2025-5718
The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-11
CVE-2025-6779
An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-11-11
CVE-2025-5452
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-11-11
CVE-2025-5454
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-11-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved