Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-42899
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-05-12
CVE-2026-42823
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-05-12
CVE-2026-42825
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2026-05-12
CVE-2026-42830
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-05-12
CVE-2026-42831
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-05-12
CVE-2026-42832
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVSS Score
7.7
EPSS Score
0.0
Published
2026-05-12
CVE-2026-42833
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-12
CVE-2026-42348
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned in the response. This vulnerability is fixed in 0.2.0-alpha.1.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-05-12
CVE-2026-41612
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-05-12
CVE-2026-41613
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-05-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved