Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-2524 — Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be…

open5gs | Remote | Denial of Service
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2523 — Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipula…

open5gs | Remote | Denial of Service
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2522 — Open5GS MME esm-build.c memory corruption

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. …

open5gs | Remote | Memory Corruption
Feb 16, 2026 Feb 18, 2026
Feb 16, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-2521 — Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corr…

open5gs | Remote | Memory Corruption
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
9.8 CRITICAL
CVE-2026-26369 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can …

enet_smart_home | Remote | Authorization
Feb 15, 2026 Feb 28, 2026
Feb 15, 2026
Feb 28, 2026
8.8 HIGH
CVE-2026-26368 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the…

enet_smart_home | Remote | Authorization
Feb 15, 2026 Feb 28, 2026
Feb 15, 2026
Feb 28, 2026
8.1 HIGH
CVE-2026-26367 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete a…

enet_smart_home | Remote | Authorization
Feb 15, 2026 Mar 02, 2026
Feb 15, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-26366 — JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. U…

enet_smart_home | Remote | Authentication
Feb 15, 2026 Feb 26, 2026
Feb 15, 2026
Feb 26, 2026
6.1 MEDIUM
CVE-2019-25377 — OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers c…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25376 — OPNsense 19.1 Reflected XSS via proxy endpoint

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25375 — OPNsense 19.1 Reflected XSS via monit interface

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attack…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25374 — OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Att…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2019-25373 — OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25372 — OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25371 — OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramet…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.1 MEDIUM
CVE-2019-25370 — OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POS…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
6.4 MEDIUM
CVE-2019-25369 — OPNsense 19.1 Stored XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. A…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
5.4 MEDIUM
CVE-2019-25368 — OPNsense 19.1 Reflected XSS via diag_backup.php

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDri…

opnsense | Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
5.4 MEDIUM
CVE-2019-25367 — ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attacke…

Remote | Cross-Site Scripting
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2517 — Open5GS SMF types.c ogs_gtp2_parse_tft denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulatio…

open5gs | Remote | Denial of Service
Feb 15, 2026 Feb 18, 2026
Feb 15, 2026
Feb 18, 2026
Showing 20 of 5070 Results