Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2026-21376 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21375 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21374 — Buffer Over-read in Camera

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21373 — Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21372 — Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2026-21371 — Buffer Over-read in WinBlast Driver

Memory Corruption when retrieving output buffer with insufficient size validation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.6 HIGH
CVE-2026-21367 — Buffer Over-read in WLAN Firmware

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

Remote | Denial of Service
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.1 HIGH
CVE-2025-47400 — Buffer Over-read in Computer Vision

Cryptographic issue while copying data to a destination buffer without validating its size.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.8 HIGH
CVE-2025-47392 — Integer Overflow or Wraparound in GPS

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47391 — Stack-based Buffer Overflow in Camera Driver

Memory corruption while processing a frame request from user.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47390 — Buffer Over-read in Camera

Memory corruption while preprocessing IOCTL request in JPEG driver.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.8 HIGH
CVE-2025-47389 — Buffer Copy Without Checking Size of Input in Automotive Platform

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2025-47374 — Use After Free in Camera Driver

Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.

| Memory Corruption
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.5 HIGH
CVE-2024-14032 — Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unpro…

| Authorization
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-5663 — OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Perform…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
5.5 MEDIUM
CVE-2026-5661 — Free5GC NGSetupRequest denial of service

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched rem…

Remote | Denial of Service
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
6.5 MEDIUM
CVE-2026-34897 — WordPress Media LIbrary Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerabili…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistan…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.5 HIGH
CVE-2026-34885 — WordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assis…

Remote | Injection
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
7.5 HIGH
CVE-2026-33540 — Distribution affected by pull-through cache credential exfiltration via www-authenticate …

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate chal…

Remote | Authentication
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
8.8 HIGH
CVE-2026-33510 — DOM-Based XSS in Homarr /auth/login Redirect

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL par…

Remote | Cross-Site Scripting
Apr 06, 2026 Apr 06, 2026
Apr 06, 2026
Apr 06, 2026
Showing 20 of 6029 Results