Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-2606
IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-03
CVE-2026-2915
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-03-03
CVE-2026-26887
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03
CVE-2026-26888
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03
CVE-2026-26889
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03
CVE-2026-0869
Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-03
CVE-2026-1265
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-03
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution
CVSS Score
9.1
EPSS Score
0.001
Published
2026-03-03
CVE-2025-70236
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-03
CVE-2025-70237
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved