Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-48137
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-05-16
CVE-2025-48138
Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-16
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-05-16
CVE-2025-48132
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-16
CVE-2025-39509
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-16
CVE-2025-39481
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6.
CVSS Score
9.3
EPSS Score
0.0
Published
2025-05-16
CVE-2025-39482
Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-16
CVE-2025-39493
Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-16
CVE-2025-39507
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-16
CVE-2025-4781
A vulnerability classified as critical has been found in PHPGurukul Park Ticketing Management System 2.0. Affected is an unknown function of the file /forgot-password.php. The manipulation of the argument email/contactno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved