Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-42765 — NULL Dereference in Certificate Verification with OCSP Checking

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a …

| Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-42764 — NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer …

| Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-35188 — Double-free When Checking OCSP Stapled Response

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verificatio…

| Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34183 — Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unb…

| Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34182 — CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various pot…

| Cryptography
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34181 — PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certifi…

| Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-34180 — Heap Buffer Over-read in ASN.1 Content Parsing

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo…

| Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-9076 — Out-of-Bounds Read in CMS Password-Based Decryption

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in…

| Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-7383 — Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may…

| Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49842 — FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49841 — FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49840 — FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49475 — FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-49472 — FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-45771 — Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | XML External Entity
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.6 MEDIUM
CVE-2026-0420 — Missing TLS certificate validation in ReadyCloud client app

An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting prod…

rax40 rax35 rax38 rax120v1 rax120v2 | Remote | Misconfiguration
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.6 MEDIUM
CVE-2026-9212 — Insufficient authentication and input validation in certain NETGEAR products

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain conf…

rax120 xr500 rbr20 rbs20 rbr40 rbs40 +14 more | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.2 MEDIUM
CVE-2026-0411 — A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites

An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affe…

rbr350 rbs350 rbr760 | Information Disclosure
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.3 MEDIUM
CVE-2026-0415 — Insufficient input validation vulnerability in certain Orbi routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…

rbr750 rbs750 rbr850 rbs850 rbr840 rbs840 +6 more | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.3 MEDIUM
CVE-2026-0414 — Arbitrary Code Execution vulnerability exists in RBE970

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…

| Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
Showing 20 of 7069 Results