Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-12-08
CVE-2025-66330
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-08
CVE-2025-66331
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-08
CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
CVSS Score
8.3
EPSS Score
0.0
Published
2025-12-05
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-04
CVE-2025-57210
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-04
CVE-2025-57212
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-04
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-04
CVE-2025-14008
A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-12-04
CVE-2025-29843
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved