Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2026-3588 Critical Security Advisory
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
Score: 7.5/10
🔥 Very High Risk
Published on 09 Mar 2026, 16:16 UTC (only 58 minutes ago)
-
CVE-2026-25866 Exploitable Vulnerability Warning
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
Score: 7.8/10
🔥 Very High Risk
Published on 09 Mar 2026, 16:16 UTC (only 58 minutes ago)
-
CVE-2025-70060 Security Notice
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70050 Technical Report
An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70048 Technical Report
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70047 Vulnerability Insight
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70046 Technical Report
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70042 Security Notice
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70040 Vulnerability Insight
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2024-14027 Technical Report
In the Linux kernel, the following vulnerability has been resolved:
fs/xattr: missing fdput() in fremovexattr error path
In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a
file reference but returns early without calling fdput() when
strncpy_from_user() fails on the name argument. In multi-threaded processes
where fdget() takes the slow path, this permanently leaks one
file reference per call, pinning the struct file and associated kernel
objects in memory. An unprivileged local user can exploit this to cause
kernel memory exhaustion. The issue was inadvertently fi...
⏳ Analysis in Progress
09 Mar 2026, 16:16 UTC (58 minutes ago)
-
CVE-2025-70250 Technical Report
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2025-70243 Security Notice
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2025-70238 Vulnerability Insight
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2025-70059 Security Notice
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2025-69648 Vulnerability Insight
GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2025-69647 Security Notice
GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
⏳ Analysis in Progress
09 Mar 2026, 15:15 UTC (1 hour ago)
-
CVE-2026-3089 Vulnerability Insight
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments (../) can escape the intended directory and write files outside userFiles. This issue affects versions of Actual Sync Server prior to 26.3.0.
⏳ Analysis in Progress
09 Mar 2026, 14:16 UTC (2 hours ago)
-
CVE-2026-2919 Security Flaw Alert
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
Score: 4.3/10
⚠️ Medium Risk
Published on 09 Mar 2026, 14:16 UTC (only 2 hours ago)
-
CVE-2026-3819 Security Issue Details
A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 3.5/10
⚠️ Moderate Risk
Published on 09 Mar 2026, 13:15 UTC (only 3 hours ago)
-
CVE-2026-3038 Technical Report
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow.
In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns.
The bug allows an unprivileged user to crash...
⏳ Analysis in Progress
09 Mar 2026, 13:15 UTC (3 hours ago)
What are CVEs?
A Common Vulnerabilities and Exposures (CVE) entry is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by the CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Is Tracking CVEs Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.