Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-20783
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-06
CVE-2025-20784
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-06
CVE-2025-20785
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-06
CVE-2025-20786
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-06
CVE-2025-20760
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-06
CVE-2025-20761
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-06
CVE-2025-20762
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-06
CVE-2025-20778
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-06
CVE-2026-21449
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user. Version 2.3.10 fixes the issue.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-02
CVE-2026-21450
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-01-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved