Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-23514
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-25
CVE-2025-59706
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-03-25
CVE-2025-59707
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-03-25
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.
CVSS Score
9.0
EPSS Score
0.003
Published
2026-03-25
CVE-2026-4815
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls[0][message_ids][]' parameter in '/supportboard/include/ajax.php' endpoint.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-25
CVE-2026-4816
A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2025-27260
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-25
CVE-2025-40841
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-25
CVE-2025-40842
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-25
CVE-2026-4761
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved