Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-28550
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28552
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28537
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28538
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28540
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28541
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-03-05
CVE-2025-66319
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-03-05
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVSS Score
9.6
EPSS Score
0.0
Published
2026-03-05
CVE-2026-29045
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved