Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-63710
The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an authenticated user, will automatically submit a forged POST request to the vulnerable endpoint. This request will be executed with the victim's privileges, allowing the attacker to perform unauthorized actions on their behalf, such as sending arbitrary messages in any chat room.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-10
CVE-2025-12480
Known exploited
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
CVSS Score
9.1
EPSS Score
0.704
Published
2025-11-10
CVE-2025-64685
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVSS Score
8.1
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64686
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context
CVSS Score
3.1
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64687
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64688
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget
CVSS Score
7.4
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64689
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token
CVSS Score
9.6
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64690
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64456
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
CVSS Score
8.4
EPSS Score
0.0
Published
2025-11-10
CVE-2025-64681
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVSS Score
2.7
EPSS Score
0.0
Published
2025-11-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved