Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2026-2067

    A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated re... Read more

    Affected Products : 520w_firmware 520w
    • Published: Feb. 06, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2140

    A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched r... Read more

    Affected Products : tx9_firmware tx9
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2026-1009

    A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when... Read more

    Affected Products : altium_live
    • Published: Jan. 15, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2026-23520

    Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-u... Read more

    Affected Products : arcane
    • Published: Jan. 15, 2026
    • Modified: Feb. 05, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2026-2086

    A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1143

    A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched ... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 19, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2071

    A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried ou... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1686

    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possibl... Read more

    Affected Products : a3600r_firmware a3600r
    • Published: Jan. 30, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2068

    A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is ... Read more

    Affected Products :
    • Published: Feb. 06, 2026
    • Modified: Feb. 09, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1140

    A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public ... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-1139

    A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 19, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-30248

    DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.... Read more

    Affected Products : wd_discovery
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2026-24002

    Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodid... Read more

    Affected Products : grist-core
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 8.9

    HIGH
    CVE-2025-11044

    An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition... Read more

    Affected Products :
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Race Condition

  • 8.9

    HIGH
    CVE-2026-24772

    OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently va... Read more

    Affected Products : openproject
    • Published: Jan. 28, 2026
    • Modified: Jan. 29, 2026
    • Vuln Type: Server-Side Request Forgery

  • 8.9

    HIGH
    CVE-2026-24932

    The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to pe... Read more

    Affected Products : data_master
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Misconfiguration

  • 8.9

    HIGH
    CVE-2026-24124

    Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. Th... Read more

    Affected Products : dragonfly
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authentication

  • 8.9

    HIGH
    CVE-2026-24933

    The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack ... Read more

    Affected Products : data_master
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2026-1145

    A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out rem... Read more

    Affected Products : quickjs
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-67077

    File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.... Read more

    Affected Products : agora-project
    • Published: Jan. 15, 2026
    • Modified: Jan. 21, 2026
    • Vuln Type: Authentication
Showing 20 of 4971 Results