Security Vulnerabilities
- Known exploited
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands.
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Memory corruption due to unauthorized command execution in GPU micronode while executing a specific sequence of commands.
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to remote code execution.
The TeleMessage service through 2025-05-05 is based on a JSP application whose heap content is roughly equivalent to a "core dump", so a password previously sent over HTTP would be included in the dump, as exploited in the wild in May 2025.
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.