Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-34148 — Fedify affected by resource exhaustion caused by unbounded redirect following during remo…

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote doc…

fedify | Remote | Misconfiguration
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
8.6 HIGH
CVE-2026-33752 — Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonati…

curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of thi…

Remote | Server-Side Request Forgery
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
6.4 MEDIUM
CVE-2026-33727 — Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root).

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privile…

pi-hole | Authentication
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
3.1 LOW
CVE-2026-33405 — Pi-hole has a Stored HTML Injection in queries.js

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders …

web_interface | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
5.4 MEDIUM
CVE-2026-31354 — Feehi CMS Cross-Site Scripting (XSS) Vulnerability

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafte…

feehi_cms | Remote | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
5.4 MEDIUM
CVE-2026-31353 — Feehi CMS Stored XSS Vulnerability

An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload i…

feehi_cms | Remote | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
5.4 MEDIUM
CVE-2026-31352 — Feehi CMS Cross-Site Scripting

An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa…

feehi_cms | Remote | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
4.8 MEDIUM
CVE-2026-31351 — Feehi CMS Stored Cross-Site Scripting (XSS)

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted p…

feehi_cms | Remote | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
5.4 MEDIUM
CVE-2026-31350 — Feehi CMS Stored Cross-Site Scripting Vulnerability

An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign param…

feehi_cms | Remote | Cross-Site Scripting
Apr 06, 2026 Apr 07, 2026
Apr 06, 2026
Apr 07, 2026
7.8 HIGH
CVE-2026-21382 — Buffer Copy Without Checking Size of Input in Power Management IC

Memory Corruption when handling power management requests with improperly sized input/output buffers.

wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qca0000_firmware wsa8840_firmware +32 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.6 HIGH
CVE-2026-21381 — Buffer Over-read in WLAN Firmware

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

qca6391_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +200 more | Remote | Denial of Service
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21380 — Use After Free in DSP Service

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_6900_firmware +40 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21378 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +96 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21376 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +102 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21375 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware qcm6490_firmware +64 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21374 — Buffer Over-read in Camera

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +102 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21373 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +102 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21372 — Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

wcd9380_firmware wcd9385_firmware wcn3988_firmware qcm6490_firmware snapdragon_662_mobile_platform_firmware snapdragon_7c\+_gen_3_compute_firmware +50 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.8 HIGH
CVE-2026-21371 — Buffer Over-read in WinBlast Driver

Memory Corruption when retrieving output buffer with insufficient size validation.

aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware +98 more | Memory Corruption
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
7.6 HIGH
CVE-2026-21367 — Buffer Over-read in WLAN Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

qca6391_firmware sd_8_gen1_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +294 more | Remote | Denial of Service
Apr 06, 2026 Apr 08, 2026
Apr 06, 2026
Apr 08, 2026
Showing 20 of 6562 Results