Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.9 MEDIUM
CVE-2026-9213 — Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device.

xr1000 xr1000 raxe500 | Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.6 MEDIUM
CVE-2026-9212 — Insufficient authentication and input validation in certain NETGEAR products

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain conf…

rax120 xr500 rbr20 rbs20 rbr40 rbs40 +14 more | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.2 MEDIUM
CVE-2026-9211 — Certain NETGEAR routers allow unauthenticated users to gain control of the router

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

rax30 raxe300 cax30 | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.9 MEDIUM
CVE-2026-9210 — Certain NETGEAR routers allow authenticated administrators to gain unintended control of …

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…

xr1000 ex6120 ex3700 xr1000 ex3800 ex6130 +16 more | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
0.0 NA
CVE-2026-9076 — Out-of-Bounds Read in CMS Password-Based Decryption

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in…

| Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.1 HIGH
CVE-2026-7383 — Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may…

Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.5 MEDIUM
CVE-2026-50508 — Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

windows_10 windows_server_2012 windows_server_2016 windows_server windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.8 MEDIUM
CVE-2026-50507 — Windows BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_11 +1 more
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
8.8 HIGH
CVE-2026-49959 — Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration…

Remote | Injection
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.0 MEDIUM
CVE-2026-49958 — Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete…

| Race Condition
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.7 HIGH
CVE-2026-49957 — Hermes WebUI < 0.51.269 Workspace Boundary Bypass via api/workspace.py

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…

Remote | Path Traversal
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.1 HIGH
CVE-2026-49956 — Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…

Remote | Authorization
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
6.9 MEDIUM
CVE-2026-49955 — Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey option…

Remote | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
4.3 MEDIUM
CVE-2026-49848 — FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49847 — FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
5.3 MEDIUM
CVE-2026-49843 — FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_vert…

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Authentication
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49842 — FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Denial of Service
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.8 CRITICAL
CVE-2026-49841 — FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
9.1 CRITICAL
CVE-2026-49840 — FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
7.5 HIGH
CVE-2026-49475 — FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

freeswitch | Remote | Memory Corruption
Jun 09, 2026 Jun 09, 2026
Jun 09, 2026
Jun 09, 2026
Showing 20 of 7320 Results