Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-22853
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-14
CVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-14
CVE-2025-63644
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-14
CVE-2025-70747
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-14
CVE-2025-71021
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-14
CVE-2026-22779
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers.The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers. This vulnerability is fixed in 2.4.6.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-14
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-01-14
CVE-2025-67834
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2026-01-14
CVE-2025-67835
Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-14
CVE-2025-70968
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved