Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2025-47386 — Use After Free in Automotive Audio

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +334 more | Memory Corruption
Mar 02, 2026 Mar 05, 2026
Mar 02, 2026
Mar 05, 2026
7.8 HIGH
CVE-2025-47385 — Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check.

qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware +182 more | Memory Corruption
Mar 02, 2026 Mar 05, 2026
Mar 02, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2025-47384 — Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value.

qca6391_firmware qca6595au_firmware qca6696_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware +80 more | Denial of Service
Mar 02, 2026 Mar 05, 2026
Mar 02, 2026
Mar 05, 2026
7.2 HIGH
CVE-2025-47383 — Missing Cryptographic Step in Data Modem

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware qca6574au_firmware qca6595au_firmware +406 more | Remote | Misconfiguration
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.8 HIGH
CVE-2025-47381 — Use After Free in Automotive Audio

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.

qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware +44 more | Memory Corruption
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.8 HIGH
CVE-2025-47379 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +350 more | Memory Corruption
Mar 02, 2026 Mar 05, 2026
Mar 02, 2026
Mar 05, 2026
7.1 HIGH
CVE-2025-47378 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

qca6391_firmware qca6595au_firmware qca6696_firmware sd865_5g_firmware wcd9380_firmware wcd9385_firmware +142 more | Cryptography
Mar 02, 2026 Mar 05, 2026
Mar 02, 2026
Mar 05, 2026
7.8 HIGH
CVE-2025-47377 — Use After Free in Automotive Audio

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +238 more | Memory Corruption
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.8 HIGH
CVE-2025-47376 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +334 more | Memory Corruption
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.8 HIGH
CVE-2025-47375 — Use After Free in Automotive Audio

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +332 more | Memory Corruption
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.8 HIGH
CVE-2025-47373 — Out-of-bounds Write in Automotive

Memory Corruption when accessing buffers with invalid length during TA invocation.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +370 more | Memory Corruption
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
6.5 MEDIUM
CVE-2025-47371 — Reachable Assertion in Modem

Transient DOS when an LTE RLC packet with invalid TB is received by UE.

qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware wcd9341_firmware wcd9380_firmware +244 more | Denial of Service
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
7.5 HIGH
CVE-2026-28412 — Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state t…

textream | Remote | Denial of Service
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
8.6 HIGH
CVE-2026-28403 — Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTT…

textream | Remote | Misconfiguration
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
9.8 CRITICAL
CVE-2026-26720 — Twenty CRM TypeScript Injection Vulnerability

An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.

twenty | Remote | Injection
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
9.8 CRITICAL
CVE-2026-26701 — Sourcecodester Personnel Property Equipment System SQL Injection Vulnerability

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.

personnel_property_equipment_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.8 HIGH
CVE-2026-26699 — Sourcecodester Personnel Property Equipment System File Upload Code Execution Vulnerabili…

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.

personnel_property_equipment_system | Remote | Injection
Mar 02, 2026 Mar 04, 2026
Mar 02, 2026
Mar 04, 2026
9.8 CRITICAL
CVE-2026-24112 — Tenda W20E Buffer Overflow Vulnerability

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` functio…

w20e_firmware w20e | Remote | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-24110 — Tenda W20E Buffer Overflow

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule…

w20e_firmware w20e | Remote | Memory Corruption
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-24101 — Tenda AC15V1.0 Command Injection Vulnerability

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1…

ac15_firmware ac15 | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
Showing 20 of 5067 Results