Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31151
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-06
CVE-2026-31058
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31059
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
CVSS Score
9.8
EPSS Score
0.006
Published
2026-04-06
CVE-2026-31060
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31061
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31062
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31063
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-04-06
CVE-2026-26026
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-04-06
CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved