Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.5 HIGH
CVE-2026-28286 — ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from c…

zimaos | Remote | Path Traversal
Mar 02, 2026 Mar 02, 2026
9.8 CRITICAL
CVE-2026-26708 — Sourcecodester Pharmacy Point of Sale System SQL Injection Vulnerability

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php.

pharmacy_point_of_sale_system | Remote | Injection
Mar 02, 2026 Mar 03, 2026
0.0 NA
CVE-2026-26700 — Sourcecodester Personnel Property Equipment System SQL Injection Vulnerability

Sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.

| Injection
Mar 02, 2026 Mar 02, 2026
9.8 CRITICAL
CVE-2026-24105 — Tenda AC15 Command Injection Vulnerability

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into d…

Remote | Injection
Mar 02, 2026 Mar 03, 2026
5.3 MEDIUM
CVE-2026-23865 — Freetype Integer Overflow Out-of-Bounds Read Vulnerability

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR ta…

freetype | Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2026-21385 — Integer Overflow or Wraparound in Graphics

Memory corruption while using alignments for memory allocation.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
0.0 NA
CVE-2025-70252 — Tenda AC6 Stack Overflow Vulnerability

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is wo…

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.1 HIGH
CVE-2025-64427 — ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticat…

zimaos | Remote | Server-Side Request Forgery
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-59603 — Out-of-bounds Write in Computer Vision

Memory Corruption when processing invalid user address with nonstandard buffer address.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-59600 — Buffer Over-read in Graphics

Memory Corruption when adding user-supplied data without checking available buffer space.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47386 — Use After Free in Automotive Audio

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47385 — Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
6.5 MEDIUM
CVE-2025-47384 — Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value.

| Denial of Service
Mar 02, 2026 Mar 02, 2026
7.2 HIGH
CVE-2025-47383 — Missing Cryptographic Step in Data Modem

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Remote | Misconfiguration
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47381 — Use After Free in Automotive Audio

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47379 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.1 HIGH
CVE-2025-47378 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

| Cryptography
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47377 — Use After Free in Automotive Audio

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47376 — Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
7.8 HIGH
CVE-2025-47375 — Use After Free in Automotive Audio

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

| Memory Corruption
Mar 02, 2026 Mar 02, 2026
Showing 20 of 4875 Results