Security Vulnerabilities
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability that allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct interactive-login issue. However, nologin does not prevent code from running as UID pihole if a Pi-hole component is compromised. In that realistic post-compromise scenario, attacker-controlled content in /etc/pihole/versions is sourced by root-run Pi-hole scripts, leading to root code execution. This vulnerability is fixed in 6.4.1.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-06
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Page Sign parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-04-06
Transient DoS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
CVSS Score
7.6
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when handling power management requests with improperly sized input/output buffers.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-06


Shodan ® - All rights reserved