Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2025
CVE-2025-64471
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-09
CVE-2025-64661
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-09
CVE-2025-64085
A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-09
CVE-2025-64086
A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-09
CVE-2025-64153
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-09
CVE-2025-62570
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-12-09
CVE-2025-62571
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-09
CVE-2025-62572
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-09
CVE-2025-62573
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-12-09
CVE-2025-62631
An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved