IBM Transformation Extender Advanced 10.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
IBM Transformation Extender Advanced 10.0.1 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users.
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded and stored. When rendered, these SVG files execute arbitrary JavaScript, enabling attackers to steal user sessions, cookies, and perform unauthorized actions in the context of users viewing affected profiles.
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.
In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from the database by injecting a SQL query into the blanket_order_type parameter.