Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-3638
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-03-09
CVE-2026-30140
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-03-09
CVE-2025-70032
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-09
CVE-2025-70038
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-09
CVE-2025-70039
An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-09
CVE-2025-70033
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-09
CVE-2025-70037
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-09
CVE-2025-70060
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-09
CVE-2025-70042
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-09
CVE-2025-70046
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved