Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
3.7 LOW
CVE-2026-10300 — SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such ma…

sglang | Remote | Misconfiguration
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
4.7 MEDIUM
CVE-2026-10299 — code-projects Online Hospital Management System viewdoctortimings.php resource injection

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument …

online_hospital_management_system | Remote | Path Traversal
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10298 — ggml-org whisper.cpp ggml.c whisper_model_load null pointer dereference

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point…

whisper.cpp | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10297 — itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It …

fees_management_system | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2026-10296 — itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam…

fees_management_system | Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
3.3 LOW
CVE-2026-10295 — SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani…

customer_review_app | Denial of Service
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.7 MEDIUM
CVE-2025-59614 — Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size.

wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qca0000_firmware wsa8840_firmware +36 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.7 MEDIUM
CVE-2025-59613 — Stack-based Buffer Overflow in Windows Compute

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.

sd865_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +82 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.7 MEDIUM
CVE-2025-59612 — Stack-based Buffer Overflow in Windows Compute

Memory corruption in windows drivers while sending incorrect trusted application request

wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qcm6490_firmware snapdragon_7c\+_gen_3_compute_firmware +56 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.7 MEDIUM
CVE-2025-59611 — Out-of-bounds Write in Core Services

Memory corruption in diagnostic services due to absence of input validation

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +94 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.4 MEDIUM
CVE-2025-59610 — Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +466 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
5.5 MEDIUM
CVE-2025-59609 — Buffer Over-read in WLAN Host Communication

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware +368 more | Remote | Information Disclosure
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2025-59606 — NULL Pointer Dereference in HLOS

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.

qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware +276 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2025-59605 — Out-of-bounds Write in HLOS

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +274 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.8 HIGH
CVE-2025-59604 — NULL Pointer Dereference in SPS Applications

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.

qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +524 more | Memory Corruption
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
6.5 MEDIUM
CVE-2025-59601 — Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.

wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware +10 more | Information Disclosure
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
8.6 HIGH
CVE-2019-25718 — Dräger Infinity Explorer C700 Privilege Escalation via Kiosk Mode Bypass

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter…

| Authorization
Jun 01, 2026 Jun 03, 2026
Jun 01, 2026
Jun 03, 2026
8.8 HIGH
CVE-2026-49491 — Pixa Bank 2.0 SQL Injection via agence-ajax.php API

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests …

Remote | Injection
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
10.0 CRITICAL
CVE-2026-40965 — Cloud Foundry UAA EC Private Key Exposure

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed thr…

Remote | Cryptography
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-40964 — Cloud Foundry cf-auth-proxy Authentication Bypass

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and pl…

Remote | Authentication
Jun 01, 2026 Jun 02, 2026
Jun 01, 2026
Jun 02, 2026
Showing 20 of 7358 Results