Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-56514
Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-01
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded and stored. When rendered, these SVG files execute arbitrary JavaScript, enabling attackers to steal user sessions, cookies, and perform unauthorized actions in the context of users viewing affected profiles.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-01
CVE-2023-50301
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
1.9
EPSS Score
0.0
Published
2025-10-01
CVE-2025-61044
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
CVSS Score
9.8
EPSS Score
0.044
Published
2025-10-01
CVE-2025-61045
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.
CVSS Score
9.8
EPSS Score
0.058
Published
2025-10-01
CVE-2025-59684
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-01
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved