Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.1 HIGH
CVE-2026-47153 — Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47152 — Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47151 — Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages …

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47150 — IAS Zone enroll invalid table index and write in EmberZNet 9.0.2

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These…

emberznet | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47149 — Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has …

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47148 — Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47147 — OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and locatio…

emberznet | Remote | Information Disclosure
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47146 — Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-47145 — Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi…

emberznet | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit …

display_and_peripheral_manager | Misconfiguration
Jun 25, 2026 Jun 29, 2026
7.8 HIGH
CVE-2026-46733 — Dell Display and Peripheral Manager Improper Access Control Vulnerability

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

Jun 25, 2026 Jun 29, 2026
7.0 HIGH
CVE-2026-46732 — Dell Display and Peripheral Manager Local Privilege Escalation via Race Condition

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privi…

Jun 25, 2026 Jun 29, 2026
5.3 MEDIUM
CVE-2026-42390 — ZONEMD validation can be bypassed

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
5.3 MEDIUM
CVE-2026-42389 — Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

recursor | Remote
Jun 25, 2026 Jun 25, 2026
5.9 MEDIUM
CVE-2026-42388 — Missing input validation for catalog zones

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

recursor | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
5.9 MEDIUM
CVE-2026-42387 — Insufficient input validation in ZoneToCache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation.

recursor | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
9.8 CRITICAL
CVE-2026-41120 — Dell Wyse Management Suite: Acceptance of Extraneous Untrusted Data With Trusted Data lea…

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could poten…

wyse_management_suite | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
5.3 MEDIUM
CVE-2026-40012 — Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
8.4 HIGH
CVE-2026-2815 — Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable …

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

| Cryptography
Jun 25, 2026 Jun 25, 2026
7.5 HIGH
CVE-2026-27366 — WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

mainwp_child | Remote | Authorization
Jun 25, 2026 Jun 29, 2026
Showing 20 of 7990 Results