Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2025-5419
Known exploited
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.01
Published
2025-06-03
CVE-2025-48928
Known exploited
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS Score
4.0
EPSS Score
0.102
Published
2025-05-28
CVE-2025-48927
Known exploited
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVSS Score
5.3
EPSS Score
0.082
Published
2025-05-28
CVE-2025-32709
Known exploited
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.038
Published
2025-05-13
CVE-2025-32706
Known exploited
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.122
Published
2025-05-13
CVE-2025-30397
Known exploited
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.205
Published
2025-05-13
CVE-2025-30400
Known exploited
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.037
Published
2025-05-13
CVE-2025-32701
Known exploited
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.042
Published
2025-05-13
CVE-2025-4427
Known exploited
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS Score
5.3
EPSS Score
0.922
Published
2025-05-13
CVE-2025-4428
Known exploited
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS Score
7.2
EPSS Score
0.386
Published
2025-05-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved