Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-0160
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
CVSS Score
8.1
EPSS Score
0.002
Published
2025-02-28
CVE-2025-25428
TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25429
Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25609
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25430
Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25431
Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-02-28
CVE-2024-54175
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-28
CVE-2025-0985
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-02-28
CVE-2025-26047
Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25461
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-02-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved