Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2026-21380 — Use After Free in DSP Service

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21378 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21376 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21375 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21374 — Buffer Over-read in Camera

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21373 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21372 — Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21371 — Buffer Over-read in WinBlast Driver

Memory Corruption when retrieving output buffer with insufficient size validation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.6 HIGH
CVE-2026-21367 — Buffer Over-read in WLAN Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

Remote | Denial of Service
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.1 HIGH
CVE-2025-47400 — Buffer Over-read in Computer Vision

Cryptographic issue while copying data to a destination buffer without validating its size.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.8 HIGH
CVE-2025-47392 — Integer Overflow or Wraparound in GPS

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47391 — Stack-based Buffer Overflow in Camera Driver

Memory corruption while processing a frame request from user.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47390 — Buffer Over-read in Camera

Memory corruption while preprocessing IOCTL request in JPEG driver.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47389 — Buffer Copy Without Checking Size of Input in Automotive Platform

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2025-47374 — Use After Free in Camera Driver

Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.5 HIGH
CVE-2024-14032 — Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unpro…

| Authorization
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-5668 — Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipu…

| Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-34976 — Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missi…

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthent…

| Authentication
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-34975 — Plunk has a CRLF Email Header Injection in raw MIME message construction allows authentic…

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subjec…

| Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
0.0 NA
CVE-2026-34841 — Axios npm Supply Chain Incident Impacting @usebruno/cli

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hid…

| Supply Chain
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
Showing 20 of 5940 Results