Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-28511 — elabftw has entry title leakage through autocompletion search

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …

elabftw | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
9.8 CRITICAL
CVE-2026-25879 — Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When…

langroid | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2026-25277 — Buffer Copy Without Checking Size of Input in Secure Processor

Memory corruption while using Strongbox due to buffer overflow.

qca6391_firmware sd865_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +108 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2026-25276 — Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check.

qca6391_firmware sd865_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +108 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2026-25260 — Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

sd865_5g_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +64 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2026-25259 — Out-of-bounds Write in DSP Service

Memory corruption while processing multiple IOCTL command for escape operations.

sd865_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +78 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2026-25258 — Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations.

wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qca0000_firmware wsa8840_firmware +36 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.8 HIGH
CVE-2026-24782 — Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui…

kiteworks | Remote | Injection
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
4.3 MEDIUM
CVE-2026-24761 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
4.3 MEDIUM
CVE-2026-24756 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
5.4 MEDIUM
CVE-2026-24755 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
5.4 MEDIUM
CVE-2026-24754 — Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code…

kiteworks | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
6.5 MEDIUM
CVE-2026-24753 — Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled…

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…

kiteworks | Remote | Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
8.2 HIGH
CVE-2026-24752 — Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…

kiteworks | Remote | Cross-Site Scripting
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
7.2 HIGH
CVE-2026-24092 — Improper Validation of Syntactic Correctness of Input in Display

Memory Corruption when processing fastboot commands to set display mode.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +430 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24091 — Improper Validation of Syntactic Correctness of Input in Display

Memory corruption while processing fastboot commands with improperly formatted input.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +540 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.1 HIGH
CVE-2026-24090 — Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +428 more | Cryptography
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24089 — Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot commands with invalid input.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +432 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.2 HIGH
CVE-2026-24088 — Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware +486 more | Cryptography
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.2 HIGH
CVE-2026-24087 — Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot OEM commands.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +424 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
Showing 20 of 7366 Results