Security Vulnerabilities
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2026-04-30
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2026-04-30
Incorrect packet validation allowed unbounded recursion when parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2026-04-30
ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30
BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30
SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30
WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2026-04-30
TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2026-04-30

