Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-02
CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
CVSS Score
9.8
EPSS Score
0.019
Published
2026-03-02
CVE-2026-21385
Known exploited
Memory corruption while using alignments for memory allocation.
CVSS Score
7.8
EPSS Score
0.002
Published
2026-03-02
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02
CVE-2025-59603
Memory Corruption when processing invalid user address with nonstandard buffer address.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02
CVE-2025-64427
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-03-02
CVE-2025-70252
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-02
CVE-2025-47385
Memory Corruption when accessing trusted execution environment without proper privilege check.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02
CVE-2025-47386
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02
CVE-2025-47381
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved