Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2025
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68268
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVSS Score
5.4
EPSS Score
0.003
Published
2025-12-16
CVE-2025-68269
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
CVE-2025-68163
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
CVSS Score
3.5
EPSS Score
0.0
Published
2025-12-16
CVE-2025-62329
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-12-16
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-16
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-16
CVE-2025-65319
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-16
CVE-2025-65427
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved