Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-44362 — OP-TEE's subkey rollback protection can be bypassed with older subkey versions

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior …

| Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
3.8 LOW
CVE-2026-42546 — OP-TEE has missing OPTEE_MSG_ATTR_TYPE_MASK in cleanup_shm_refs() leaks mobj references

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior t…

| Misconfiguration
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
2.5 LOW
CVE-2026-41516 — OP-TEE: Hisilicon HPRE PKCS#1 v1.5 Decryption Padding Oracle

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior t…

| Cryptography
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
2.5 LOW
CVE-2026-41515 — OP-TEE: RSA-OAEP padding oracle in NXP CAAM driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior t…

| Cryptography
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
2.5 LOW
CVE-2026-41514 — OP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior t…

| Cryptography
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-14898 — OpenAI Codex Information Disclosure via Remote Image Rendering

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a conne…

| Server-Side Request Forgery
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-14536 — Devolutions Server Multi-Factor Authentication Bypass

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authentica…

| Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-11405 — Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows ad…

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based …

| Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-57572 — Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.ex…

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch argumen…

| Misconfiguration
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-57573 — Crawl4AI unauthenticated SSRF in Docker streaming crawl endpoint

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming pat…

| Server-Side Request Forgery
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-57571 — Crawl4AI arbitrary file write via download filename path traversal

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined…

| Path Traversal
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.8 HIGH
CVE-2026-25271 — Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.8 HIGH
CVE-2026-25268 — Stack-based Buffer Overflow in WLAN Host

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.3 MEDIUM
CVE-2026-21384 — Out-of-bounds Write in Camera Driver

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.1 HIGH
CVE-2026-21383 — Reusing a Nonce, Key Pair in Encryption in HLOS

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

| Cryptography
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.8 HIGH
CVE-2026-21379 — Buffer Over-read in Windows Compute

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.3 MEDIUM
CVE-2026-21370 — Out-of-bounds Write in Camera Driver

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.3 MEDIUM
CVE-2026-21369 — Out-of-bounds Write in Camera Driver

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.3 MEDIUM
CVE-2026-21368 — Out-of-bounds Write in Camera Driver

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
6.6 MEDIUM
CVE-2025-59617 — Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.

| Memory Corruption
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
Showing 20 of 7507 Results