Security Vulnerabilities
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2026-03-02
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2026-03-02
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2026-03-02
Memory Corruption when accessing buffers with invalid length during TA invocation.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2026-03-02
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2026-03-02
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2026-03-02
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2026-03-02
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited in the same browser session can silently connect to the local WebSocket server and send arbitrary `DirectorCommand` payloads, allowing full remote control of the teleprompter content. Version 1.5.1 fixes the issue.
CVSS Score: 7.6 | EPSS Score: 0.0 | Published: 2026-03-02
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2026-03-02
An issue was discovered in `goform/formSetIptv` in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into `sub_B0488` and concatenated into `doSystemCmd`. The value of `s1_1` is not validated, potentially leading to a command injection vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2026-03-02

