Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2025
CVE-2025-12593
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS Score
2.0
EPSS Score
0.001
Published
2025-11-02
CVE-2025-12603
/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
2.3
EPSS Score
0.0
Published
2025-11-01
CVE-2025-12599
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-11-01
CVE-2025-12600
Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-11-01
CVE-2025-12601
Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-11-01
CVE-2025-12602
/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score
2.3
EPSS Score
0.0
Published
2025-11-01
CVE-2025-36367
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-01
CVE-2025-62275
Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers to view the images in a blog entry via crafted URL.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-11-01
CVE-2025-62276
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved