Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2025-64427 — ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticat…

zimaos | Remote | Server-Side Request Forgery
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-59603 — Out-of-bounds Write in Computer Vision

Memory Corruption when processing invalid user address with nonstandard buffer address.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-59600 — Buffer Over-read in Graphics

Memory Corruption when adding user-supplied data without checking available buffer space.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47386 — Use After Free in Automotive Audio

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47385 — Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.5 MEDIUM
CVE-2025-47384 — Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value.

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.2 HIGH
CVE-2025-47383 — Missing Cryptographic Step in Data Modem

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Remote | Misconfiguration
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47381 — Use After Free in Automotive Audio

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47379 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.1 HIGH
CVE-2025-47378 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

| Cryptography
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47377 — Use After Free in Automotive Audio

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47376 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47375 — Use After Free in Automotive Audio

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.8 HIGH
CVE-2025-47373 — Out-of-bounds Write in Automotive

Memory Corruption when accessing buffers with invalid length during TA invocation.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.5 MEDIUM
CVE-2025-47371 — Reachable Assertion in Modem

Transient DOS when an LTE RLC packet with invalid TB is received by UE.

| Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
6.5 MEDIUM
CVE-2026-28412 — Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state t…

Remote | Denial of Service
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
7.6 HIGH
CVE-2026-28403 — Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTT…

Remote | Misconfiguration
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2026-26720 — Twenty CRM TypeScript Injection Vulnerability

An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.

Remote | Injection
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
0.0 NA
CVE-2026-26701 — Sourcecodester Personnel Property Equipment System SQL Injection Vulnerability

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.

| Injection
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
8.8 HIGH
CVE-2026-26699 — Sourcecodester Personnel Property Equipment System File Upload Code Execution Vulnerabili…

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.

Remote | Injection
Mar 02, 2026 Mar 02, 2026
Mar 02, 2026
Mar 02, 2026
Showing 20 of 4860 Results