Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-26366 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. U…

enet_smart_home | Remote | Authentication
Feb 15, 2026 Feb 26, 2026
Feb 15, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25377 — OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers c…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25376 — OPNsense 19.1 Reflected XSS via proxy endpoint

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25375 — OPNsense 19.1 Reflected XSS via monit interface

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attack…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25374 — OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Att…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2019-25373 — OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25372 — OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25371 — OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25370 — OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POS…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2019-25369 — OPNsense 19.1 Stored XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. A…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
5.4 MEDIUM
CVE-2019-25368 — OPNsense 19.1 Reflected XSS via diag_backup.php

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDri…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
5.4 MEDIUM
CVE-2019-25367 — ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attacke…

Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2517 — Open5GS SMF types.c ogs_gtp2_parse_tft denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulatio…

open5gs | Remote | Denial of Service
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
7.3 HIGH
CVE-2026-2516 — Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled se…

ezpdf_reader | Misconfiguration
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2026-2541 — Micca KE700 Brute-force vulnerability due to low entropy

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a br…

| Authentication
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
8.4 HIGH
CVE-2026-2540 — Micca KE700 Acceptance of previously used rolling codes

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the…

| Authentication
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
5.7 MEDIUM
CVE-2026-2539 — Micca KE700 Cleartext transmission of key fob ID

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters t…

| Cryptography
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.8 MEDIUM
CVE-2025-32063 — Enabling SSH server on Infotainment ECU

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the fol…

| Misconfiguration
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
8.8 HIGH
CVE-2025-32062 — Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppl…

| Memory Corruption
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
8.8 HIGH
CVE-2025-32061 — Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppl…

| Memory Corruption
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
Showing 20 of 5026 Results