Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-49841
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-06-09
CVE-2026-48574
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2026-06-09
CVE-2026-48575
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.003
Published
2026-06-09
CVE-2026-48576
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.01
Published
2026-06-09
CVE-2026-48578
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.003
Published
2026-06-09
CVE-2026-48583
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
CVE-2026-49160
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.484
Published
2026-06-09
CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2026-06-09
CVE-2026-48566
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.004
Published
2026-06-09
CVE-2026-48568
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.003
Published
2026-06-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved