Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2026
CVE-2026-0880
Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0881
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0882
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0883
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13
CVE-2026-0884
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-13
CVE-2025-11669
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-13
CVE-2025-9435
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module
CVSS Score
5.5
EPSS Score
0.0
Published
2026-01-13
CVE-2025-11250
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-01-13
CVE-2025-13774
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved