Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-2529 — Wavlink WL-WN579A3 wireless.cgi DeleteMac command injection

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_l…

wl-wn579a3_firmware wl-wn579a3 | Remote | Injection
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2528 — Wavlink WL-WN579A3 wireless.cgi Delete_Mac_list command injection

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument…

wl-wn579a3_firmware wl-wn579a3 | Remote | Injection
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2527 — Wavlink WL-WN579A3 login.cgi command injection

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command i…

wl-wn579a3_firmware wl-wn579a3 | Remote | Injection
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
8.8 HIGH
CVE-2026-2526 — Wavlink WL-WN579A3 wireless.cgi multi_ssid command injection

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in co…

wl-wn579a3_firmware wl-wn579a3 | Remote | Injection
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2525 — Free5GC PFCP UDP Endpoint denial of service

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched re…

free5gc | Remote | Denial of Service
Feb 16, 2026 Feb 19, 2026
Feb 16, 2026
Feb 19, 2026
7.5 HIGH
CVE-2026-2524 — Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be…

open5gs | Remote | Denial of Service
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2523 — Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipula…

open5gs | Remote | Denial of Service
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2522 — Open5GS MME esm-build.c memory corruption

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. …

open5gs | Remote | Memory Corruption
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2521 — Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corr…

open5gs | Remote | Memory Corruption
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-26369 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can …

enet_smart_home | Remote | Authorization
Feb 15, 2026 Feb 28, 2026
Feb 15, 2026
Feb 28, 2026
8.8 HIGH
CVE-2026-26368 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the…

enet_smart_home | Remote | Authorization
Feb 15, 2026 Feb 28, 2026
Feb 15, 2026
Feb 28, 2026
8.1 HIGH
CVE-2026-26367 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete a…

enet_smart_home | Remote | Authorization
Feb 15, 2026 Mar 02, 2026
Feb 15, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-26366 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. U…

enet_smart_home | Remote | Authentication
Feb 15, 2026 Feb 26, 2026
Feb 15, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25377 — OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers c…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25376 — OPNsense 19.1 Reflected XSS via proxy endpoint

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25375 — OPNsense 19.1 Reflected XSS via monit interface

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attack…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25374 — OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Att…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2019-25373 — OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25372 — OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25371 — OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
Showing 20 of 5050 Results