Security Vulnerabilities
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-04-22
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-22
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-22
CVE-2026-31431
Known exploited
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS Score
7.8
EPSS Score
0.04
Published
2026-04-22
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-22
Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out-of-bounds access during constant tensor import in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
CVSS Score
6.6
EPSS Score
0.0
Published
2026-04-22