Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2026-2181

    A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2186

    A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The ... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-68723

    Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL... Read more

    Affected Products : axigen_mail_server
    • Published: Feb. 05, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2026-25881

    SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2026-2187

    A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate ... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1637

    A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. T... Read more

    Affected Products : ac21_firmware ac21
    • Published: Jan. 29, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2202

    A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launch... Read more

    Affected Products : ac8_firmware ac8
    • Published: Feb. 09, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1157

    A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotel... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2070

    A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2067

    A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated re... Read more

    Affected Products : 520w_firmware 520w
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2185

    A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer... Read more

    Affected Products : rx3_firmware rx3
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-30248

    DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.... Read more

    Affected Products : wd_discovery
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2026-1156

    A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the ... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1155

    A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be per... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-68015

    Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.3.... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Jan. 22, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2026-2086

    A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1143

    A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched ... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2071

    A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried ou... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1140

    A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public ... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1686

    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possibl... Read more

    Affected Products : a3600r_firmware a3600r
    • Published: Jan. 30, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4974 Results