Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33259
Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33261
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-22
CVE-2026-33262
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-22
CVE-2026-31431
Known exploited
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS Score
7.8
EPSS Score
0.012
Published
2026-04-22
CVE-2026-6023
In ProgressĀ® TelerikĀ® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.
CVSS Score
8.1
EPSS Score
0.005
Published
2026-04-22
CVE-2026-40542
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved