Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2026-2129

    A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The a... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2120

    A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-10174

    Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.... Read more

    Affected Products :
    • Published: Feb. 11, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2025-9520

    An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.... Read more

    Affected Products :
    • Published: Jan. 26, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2026-2084

    A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remot... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 07, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2080

    A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The e... Read more

    Affected Products : 810_firmware 810
    • Published: Feb. 07, 2026
    • Modified: Feb. 13, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-25117

    pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same orig... Read more

    Affected Products :
    • Published: Jan. 29, 2026
    • Modified: Feb. 04, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2026-2191

    A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has b... Read more

    Affected Products : ac9_firmware ac9
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2026-2151

    A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched rem... Read more

    Affected Products : dir-615_firmware dir-615
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2157

    A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection.... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-22850

    Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary pat... Read more

    Affected Products : koko_analytics
    • Published: Jan. 19, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-0603

    A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is use... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2182

    A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely.... Read more

    Affected Products : 521g_firmware 521g
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2085

    A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection... Read more

    Affected Products : dwr-m921_firmware dwr-m921
    • Published: Feb. 07, 2026
    • Modified: Feb. 12, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-1505

    A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit ha... Read more

    Affected Products : dir-615_firmware dir-615
    • Published: Jan. 28, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-23851

    SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the ... Read more

    Affected Products : siyuan
    • Published: Jan. 19, 2026
    • Modified: Jan. 30, 2026
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2026-1448

    A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. ... Read more

    Affected Products : dir-615_firmware dir-615
    • Published: Jan. 27, 2026
    • Modified: Jan. 28, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2192

    A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based ... Read more

    Affected Products : ac9_firmware ac9
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2026-2188

    A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launc... Read more

    Affected Products : 521g_firmware 521g
    • Published: Feb. 08, 2026
    • Modified: Feb. 10, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2155

    A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command i... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 08, 2026
    • Modified: Feb. 11, 2026
    • Vuln Type: Injection
Showing 20 of 4666 Results