| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-5590 | net: ip/tcp: Null pointer dereference can be triggered by a race condition | zephyrproject-rtos | Zephyr | Medium | 6.4 | 2026-04-05 03:34:56 |
| CVE-2026-1679 | net: eswifi socket send payload length not bounded | zephyrproject-rtos | Zephyr | High | 7.3 | 2026-03-27 23:21:18 |
| CVE-2026-4179 | stm32: usb: Infinite while loop in Interrupt Handler | zephyrproject-rtos | Zephyr | Medium | 6.1 | 2026-03-14 21:51:33 |
| CVE-2026-0849 | crypto: ATAES132A response length allows stack buffer overflow | zephyrproject-rtos | Zephyr | Low | 3.8 | 2026-03-14 21:05:37 |
| CVE-2026-1678 | dns: memory‑safety issue in the DNS name parser | zephyrproject-rtos | Zephyr | Critical | 9.4 | 2026-03-05 06:21:37 |
| CVE-2025-12899 | net: icmp: Out of bound memory read | zephyrproject-rtos | Zephyr | Medium | 6.5 | 2026-01-30 05:34:20 |
| CVE-2025-12496 | Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery | dylanjkotze | Zephyr Project Manager | Medium | 4.9 | 2025-12-17 07:21:01 |
| CVE-2025-12035 | Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP | zephyrproject-rtos | Zephyr | Medium | 6.5 | 2025-12-15 19:42:43 |
| CVE-2025-9557 | Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont | zephyrproject-rtos | Zephyr | High | 7.6 | 2025-11-26 05:43:30 |
| CVE-2025-9558 | Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start | zephyrproject-rtos | Zephyr | High | 7.6 | 2025-11-26 05:39:44 |
| CVE-2025-9408 | Userspace privilege escalation vulnerability on Cortex M | zephyrproject-rtos | Zephyr | High | 8.1 | 2025-11-11 15:34:59 |
| CVE-2025-12890 | Bluetooth: peripheral: Invalid handling of malformed connection request | zephyrproject-rtos | Zephyr | Medium | 6.5 | 2025-11-07 18:40:56 |
| CVE-2025-10490 | Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting | dylanjkotze | Zephyr Project Manager | Medium | 4.4 | 2025-09-26 06:43:30 |
| CVE-2025-10456 | Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests | zephyrproject-rtos | Zephyr | High | 7.1 | 2025-09-19 05:21:33 |
| CVE-2025-10458 | Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values | zephyrproject-rtos | Zephyr | High | 7.6 | 2025-09-19 05:20:20 |
| CVE-2025-7403 | Bluetooth: bt_conn_tx_processor unsafe handling | zephyrproject-rtos | Zephyr | High | 7.6 | 2025-09-19 05:19:19 |
| CVE-2025-10457 | Bluetooth: Out-Of-Context le_conn_rsp Handling | zephyrproject-rtos | Zephyr | Medium | 4.3 | 2025-09-19 05:17:40 |
| CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | Dylan James | Zephyr Project Manager | High | 7.1 | 2025-08-28 12:37:35 |
| CVE-2025-2962 | Infinite loop in dns_copy_qname | zephyrproject-rtos | Zephyr | High | 7.5 | 2025-06-24 05:32:11 |
| CVE-2025-32526 | WordPress Zephyr Project Manager plugin <= 3.3.101 - Cross Site Scripting (XSS) vulnerability | Dylan James | Zephyr Project Manager | High | 7.1 | 2025-04-17 15:47:41 |