CVE • Published 2026-04-05 • Modified 2026-04-07 • 1 article on news • 7 live references • NVD data
CVE-2019-25690 · Marmotech · Kados
Vulnerability data via NVD (ingested)
CVSS v3.1: 8.2 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS percentile
—
Weaknesses (CWE)
Description
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information.
Timeline
Published 2026-04-05
Modified 2026-04-07
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag · 0 hosts
vuln:CVE-2019-25690
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Marmotech Kados" version:"r10_greenbee"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Kados"
HTTP body or banner mentions "Kados" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2019-25690
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2019-25690
Censys host search filtered to this CVE id.
grep.app
CVE-2019-25690
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2019-25690
GitHub code search for direct mentions.
Google dork
"CVE-2019-25690" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2019-25690 · 8 repos
Mr-xn/Penetration_Testing_POC · HTML
POCs, EXPs, scripts, privilege escalation, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
0xsyr0/OSCP · PowerShell
OSCP Cheat Sheet
zulloper/cve-poc · Python
Automatic collector of CVE POC repos
Faizan-Khanx/OSCP · unknown
This repository is designed to provide a comprehensive collection of study materials, notes, and resources for the Offensive Security Certified Professional (OSCP) exam. It covers …
CVEDB/awesome-cve-repo · Shell
dusbot/cpe2cve · Go
A tool written in Go that queries CVE information using CPE (Common Platform Enumeration) as input, with support for library integration
awiseguy88/openclaw-advanced-skills-library · unknown
OpenClaw Skills Library 2,510 Production-Ready Skills for AI Agent Automation Give your OpenClaw agent the complete puzzle. Modular, observable, and safe automation workflows for…
Saif-89/CERBERUS · Python