Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-26308
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated string. This behavior allows attackers to bypass RBAC policies—specifically "Deny" rules—by sending duplicate headers, effectively obscuring the malicious value from exact-match mechanisms. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2026-26309
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-10
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70249
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70251
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-36227
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70227
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/formLanguageChange.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70242
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70246
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10
CVE-2025-70247
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved