Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-24287
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-03-10
CVE-2026-24288
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
CVSS Score
6.8
EPSS Score
0.001
Published
2026-03-10
CVE-2026-24017
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-03-10
CVE-2026-24018
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-10
CVE-2026-24282
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-03-10
CVE-2026-23673
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-03-10
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-03-10
CVE-2026-23907
This issue affects the ExtractEmbeddedFiles example inĀ Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename that is obtained from PDComplexFileSpecification.getFilename() is appended to the extraction path. Users who have copied this example into their production code should review it to ensure that the extraction path is acceptable. The example has been changed accordingly, now the initial path and the extraction paths are converted into canonical paths and it is verified that extraction path contains the initial path. The documentation has also been adjusted.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-10
CVE-2026-23668
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2026-03-10
CVE-2026-23669
Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved