Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-58693
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-01-13
CVE-2025-25176
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-01-13
CVE-2025-25249
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0408
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-01-13
CVE-2026-0403
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-01-13
CVE-2026-0404
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
CVSS Score
8.0
EPSS Score
0.002
Published
2026-01-13
CVE-2026-0405
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0406
An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0407
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-01-13
CVE-2025-70753
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved