Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-7414
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-05-07
CVE-2026-7415
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-05-07
CVE-2026-6973
Known exploited
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.055
Published
2026-05-07
CVE-2026-7821
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-05-07
CVE-2026-5786
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
CVSS Score
8.8
EPSS Score
0.005
Published
2026-05-07
CVE-2026-5787
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
CVSS Score
8.9
EPSS Score
0.001
Published
2026-05-07
CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
CVSS Score
7.0
EPSS Score
0.003
Published
2026-05-07
CVE-2026-44263
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-07
CVE-2026-44264
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-07
CVE-2026-41519
Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cycle_session_keys()", but DRF API tokens ("wlu_*" prefix) stored in "authtoken_token" are not revoked. This issue has been patched in version 5.17.1.
CVSS Score
4.2
EPSS Score
0.0
Published
2026-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved