Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-03-05
CVE-2026-26195
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-05
CVE-2025-7375
A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-05
CVE-2025-70232
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-05
CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-05
CVE-2025-70229
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-05
CVE-2025-70230
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-05
CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-05
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.
CVSS Score
5.4
EPSS Score
0.001
Published
2026-03-05
CVE-2026-1605
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response. In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved