Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-33780 — Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memo…

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33779 — Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud commun…

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to …

Remote | Misconfiguration
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.5 HIGH
CVE-2026-33778 — Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is rec…

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, n…

Remote | Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.5 MEDIUM
CVE-2026-33776 — Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive info…

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privil…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33775 — Junos OS: MX Series: Mismatch between configured and received packet types causes memory …

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthen…

| Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-33774 — Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are …

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker…

Remote | Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
5.8 MEDIUM
CVE-2026-33773 — Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB a…

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network…

Remote | Misconfiguration
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.4 HIGH
CVE-2026-33771 — CTP OS: Configuring password requirements does not work which permits the use of weak pas…

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local acc…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2026-21919 — Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF s…

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Den…

Remote | Race Condition
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
7.3 HIGH
CVE-2026-21916 — Junos OS: A low privileged user can escalate their privileges so that they can login as r…

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which wi…

| Authorization
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.7 MEDIUM
CVE-2026-21915 — JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their …

| Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.1 MEDIUM
CVE-2026-21904 — Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script …

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter fie…

Remote | Cross-Site Scripting
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.5 MEDIUM
CVE-2025-59969 — Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast pa…

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series …

| Denial of Service
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
8.7 HIGH
CVE-2025-13914 — Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insuf…

Remote | Authentication
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
9.0 HIGH
CVE-2026-5980 — D-Link DIR-605L POST Request formSetMACFilter buffer overflow

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation…

Remote | Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
9.0 HIGH
CVE-2026-5979 — D-Link DIR-605L POST Request formVirtualServ buffer overflow

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The …

Remote | Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
10.0 HIGH
CVE-2026-5978 — Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
10.0 HIGH
CVE-2026-5977 — Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulat…

Remote | Injection
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.3 MEDIUM
CVE-2026-5447 — Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the Aut…

Remote | Memory Corruption
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
6.0 MEDIUM
CVE-2026-5446 — wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-suppl…

Remote | Cryptography
Apr 09, 2026 Apr 09, 2026
Apr 09, 2026
Apr 09, 2026
Showing 20 of 6483 Results