Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  Security Vulnerabilities
CVE-2025-21221
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.007
Published
2025-04-08
CVE-2025-21222
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.007
Published
2025-04-08
CVE-2025-21174
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.379
Published
2025-04-08
CVE-2025-21191
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2025-04-08
CVE-2025-1095
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-08
CVE-2025-25001
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.3
EPSS Score
0.016
Published
2025-04-04
CVE-2025-29796
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.7
EPSS Score
0.011
Published
2025-04-04
CVE-2025-29815
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
CVSS Score
7.6
EPSS Score
0.009
Published
2025-04-04
CVE-2025-25000
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.018
Published
2025-04-04
CVE-2024-4877
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved