Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-29
CVE-2025-11147
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-09-29
CVE-2025-11146
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-09-29
CVE-2025-10345
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-10346
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-10342
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-10343
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-10344
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-10341
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-29
CVE-2025-48006
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-09-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved