Latest CVE Vulnerabilities

9.2 CRITICAL

CVE-2026-27208 — api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execut…

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to ex…

api-gateway-deploy | Injection

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

4.9 MEDIUM

CVE-2026-0402 — SonicOS Out-of-bounds Read Remote Crash

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Denial of Service

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

4.9 MEDIUM

CVE-2026-0401 — SonicOS NULL Pointer Dereference Remote Denial of Service

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Denial of Service

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

4.9 MEDIUM

CVE-2026-0400 — SonicOS Format String Vulnerability

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Information Disclosure

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

4.9 MEDIUM

CVE-2026-0399 — SonicOS Stack-Based Buffer Overflow Vulnerability

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 +27 more | Remote | Memory Corruption

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

7.5 HIGH

CVE-2025-67445 — TOTOLINK X5000R Denial-of-Service CGI Memory Exhaustion Vulnerability

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CO…

x5000r_firmware x5000r | Remote | Denial of Service

Feb 24, 2026 Feb 27, 2026

Feb 24, 2026

Feb 27, 2026

6.8 MEDIUM

CVE-2025-10010 — Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a sepa…

cryptopro_secure_disk | Misconfiguration

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

9.8 CRITICAL

CVE-2026-2807 — Memory safety bugs fixed in Firefox 148 and Thunderbird 148

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

9.1 CRITICAL

CVE-2026-2806 — Uninitialized memory in the Graphics: Text component

Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-2805 — Invalid pointer in the DOM: Core & HTML component

Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

5.4 MEDIUM

CVE-2026-2804 — Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

7.5 HIGH

CVE-2026-2803 — Information disclosure, mitigation bypass in the Settings UI component

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Information Disclosure

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

4.2 MEDIUM

CVE-2026-2802 — Race condition in the JavaScript: GC component

Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Race Condition

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

7.5 HIGH

CVE-2026-2801 — Incorrect boundary conditions in the JavaScript: WebAssembly component

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

9.8 CRITICAL

CVE-2026-2800 — Spoofing issue in the WebAuthn component in Firefox for Android

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Authentication

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

9.8 CRITICAL

CVE-2026-2799 — Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

8.8 HIGH

CVE-2026-2798 — Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 25, 2026

Feb 24, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-2797 — Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

9.8 CRITICAL

CVE-2026-2796 — JIT miscompilation in the JavaScript: WebAssembly component

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 27, 2026

Feb 24, 2026

Feb 27, 2026

9.8 CRITICAL

CVE-2026-2795 — Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

firefox thunderbird | Remote | Memory Corruption

Feb 24, 2026 Feb 26, 2026

Feb 24, 2026

Feb 26, 2026

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Browse by Apps

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences