Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-21919 — Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF s…

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Den…

junos junos_os_evolved | Remote | Race Condition
Apr 09, 2026 Apr 17, 2026
Apr 09, 2026
Apr 17, 2026
7.3 HIGH
CVE-2026-21916 — Junos OS: A low privileged user can escalate their privileges so that they can login as r…

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which wi…

junos | Authorization
Apr 09, 2026 Apr 17, 2026
Apr 09, 2026
Apr 17, 2026
8.4 HIGH
CVE-2026-21915 — JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their …

| Injection
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
6.1 MEDIUM
CVE-2026-21904 — Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script …

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter fie…

junos_space | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
7.1 HIGH
CVE-2025-59969 — Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast pa…

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series …

junos_os_evolved | Denial of Service
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
8.7 HIGH
CVE-2025-13914 — Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insuf…

Remote | Authentication
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-5980 — D-Link DIR-605L POST Request formSetMACFilter buffer overflow

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation…

dir-605l_firmware | Remote | Memory Corruption
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
9.0 HIGH
CVE-2026-5979 — D-Link DIR-605L POST Request formVirtualServ buffer overflow

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The …

dir-605l_firmware | Remote | Memory Corruption
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-5978 — Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
10.0 HIGH
CVE-2026-5977 — Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulat…

a7100ru_firmware | Remote | Injection
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
6.3 MEDIUM
CVE-2026-5447 — Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the Aut…

wolfssl | Remote | Memory Corruption
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
6.0 MEDIUM
CVE-2026-5446 — wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-suppl…

wolfssl | Remote | Cryptography
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
3.1 LOW
CVE-2026-40109 — Flux notification-controller GCR Receiver missing email validation allows unauthorized re…

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not vali…

notification-controller | Remote | Authentication
Apr 09, 2026 Apr 16, 2026
Apr 09, 2026
Apr 16, 2026
8.7 HIGH
CVE-2026-40107 — SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive M…

siyuan | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 16, 2026
Apr 09, 2026
Apr 16, 2026
8.1 HIGH
CVE-2026-40093 — nimiq-blockchain is missing a wall-clock upper bound on block timestamps

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks an…

core-rs-albatross | Remote | Misconfiguration
Apr 09, 2026 Apr 13, 2026
Apr 09, 2026
Apr 13, 2026
4.8 MEDIUM
CVE-2026-35206 — Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's c…

helm | Path Traversal
Apr 09, 2026 Apr 16, 2026
Apr 09, 2026
Apr 16, 2026
6.1 MEDIUM
CVE-2023-54364 — Joomla HikaShop 4.7.4 Reflected XSS via Product Filter

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter en…

hikashop | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 15, 2026
Apr 09, 2026
Apr 15, 2026
6.1 MEDIUM
CVE-2023-54363 — Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show…

solidres | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 15, 2026
Apr 09, 2026
Apr 15, 2026
6.1 MEDIUM
CVE-2023-54362 — Joomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can c…

cs-cart | Remote | Cross-Site Scripting
Apr 09, 2026 Apr 15, 2026
Apr 09, 2026
Apr 15, 2026
6.1 MEDIUM
CVE-2023-54361 — Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers ca…

Remote | Cross-Site Scripting
Apr 09, 2026 Apr 15, 2026
Apr 09, 2026
Apr 15, 2026
Showing 20 of 6439 Results