Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-60859
Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50950
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-50949
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-12114
Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56008
Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-23
CVE-2025-56009
Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-23
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers to access the OpenAPI YAML file via a crafted URL.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-10-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved