Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
2.1 LOW
CVE-2026-5772 — MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e…

Remote | Memory Corruption
Apr 09, 2026
0.0 NA
CVE-2026-5983 — D-Link DIR-605L POST Request formSetDDNS buffer overflow

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation …

Memory Corruption
Apr 09, 2026
2.1 LOW
CVE-2026-5778 — Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication…

Remote | Memory Corruption
Apr 09, 2026
0.0 NA
CVE-2026-39848 — Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Da…

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a log…

Cross-Site Request Forgery
Apr 09, 2026
8.3 HIGH
CVE-2026-5264 — DTLS 1.3 ACK heap buffer overflow

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.

Remote | Memory Corruption
Apr 09, 2026
0.0 NA
CVE-2026-40154 — PraisonAI Affected by Untrusted Remote Template Code Execution

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confi…

Supply Chain
Apr 09, 2026
8.4 HIGH
CVE-2026-33791 — Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary she…

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje…

Injection
Apr 09, 2026
8.7 HIGH
CVE-2026-33790 — Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 p…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac…

Remote | Denial of Service
Apr 09, 2026
6.8 MEDIUM
CVE-2026-33787 — Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed ch…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local att…

Denial of Service
Apr 09, 2026
8.8 HIGH
CVE-2026-33785 — Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/C…

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a com…

Authorization
Apr 09, 2026
9.8 CRITICAL
CVE-2026-33784 — JSI Virtual Lightweight Collector: Default password is not required to be changed which a…

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control …

Remote | Authentication
Apr 09, 2026
7.1 HIGH
CVE-2026-33783 — Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specif…

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privilege…

Remote | Denial of Service
Apr 09, 2026
7.1 HIGH
CVE-2026-33781 — Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packe…

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allows an unauthenticated…

Denial of Service
Apr 09, 2026
8.7 HIGH
CVE-2026-33778 — Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is rec…

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, n…

Remote | Denial of Service
Apr 09, 2026
6.8 MEDIUM
CVE-2026-33776 — Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive info…

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privil…

Authorization
Apr 09, 2026
6.9 MEDIUM
CVE-2026-33774 — Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are …

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker…

Remote | Authorization
Apr 09, 2026
9.1 CRITICAL
CVE-2026-33771 — CTP OS: Configuring password requirements does not work which permits the use of weak pas…

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local acc…

Remote | Authentication
Apr 09, 2026
8.7 HIGH
CVE-2025-13914 — Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insuf…

Remote | Authentication
Apr 09, 2026
7.4 HIGH
CVE-2026-33797 — Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a…

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis…

Denial of Service
Apr 09, 2026
8.3 HIGH
CVE-2026-33779 — Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud commun…

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to …

Remote | Misconfiguration
Apr 09, 2026
Showing 20 of 6505 Results