Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2026-22908

    Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.... Read more

    Affected Products : tdc-x401gl_firmware tdc-x401gl
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-67647

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.... Read more

    Affected Products : sveltekit adapter-node kit
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2026-23966

    sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption i... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2025-69990

    phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.... Read more

    Affected Products : news_portal
    • Published: Jan. 13, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-69312

    Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.... Read more

    Affected Products : xpro_addons_for_elementor
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2026-22482

    Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.... Read more

    Affected Products : imgspider
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-37168

    Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary ... Read more

    Affected Products : arubaos
    • Published: Jan. 13, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Path Traversal

  • 9.0

    CRITICAL
    CVE-2025-30248

    DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.... Read more

    Affected Products : wd_discovery
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2026-2187

    A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate ... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2186

    A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The ... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2185

    A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2202

    A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launch... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2181

    A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2180

    A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The ex... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1143

    A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched ... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2026-23520

    Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-u... Read more

    Affected Products : arcane
    • Published: Jan. 15, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-68015

    Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.3.... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2026-0837

    A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is public... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 11, 2026
    • Modified: Jan. 13, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1328

    A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow... Read more

    Affected Products : nr1800x_firmware nr1800x
    • Published: Jan. 22, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1329

    A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-bas... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 22, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4492 Results