Security Vulnerabilities
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVSS Score: 7.0, EPSS Score: 0.0, Published: 2026-05-12
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVSS Score: 6.5, EPSS Score: 0.001, Published: 2026-05-12
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2026-05-12
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVSS Score: 7.7, EPSS Score: 0.0, Published: 2026-05-12
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVSS Score: 9.1, EPSS Score: 0.001, Published: 2026-05-12
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned in the response. This vulnerability is fixed in 0.2.0-alpha.1.
CVSS Score: 5.9, EPSS Score: 0.0, Published: 2026-05-12
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2026-05-12
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2026-05-12
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVSS Score: 6.2, EPSS Score: 0.001, Published: 2026-05-12
changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).
CVSS Score: 8.2, EPSS Score: 0.0, Published: 2026-05-12



Shodan ® - All rights reserved