Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2025
CVE-2025-54833
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-31
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-31
CVE-2025-51385
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-07-31
CVE-2025-51503
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-07-31
CVE-2025-54832
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-31
CVE-2025-51383
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-07-31
CVE-2025-51384
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-07-31
CVE-2025-50866
CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-07-31
CVE-2024-34327
Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-31
CVE-2025-8409
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-07-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved