Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-2925 — D-Link DWR-M960 Bridge VLAN Configuration Endpoint formBridgeVlan sub_42B5A0 stack-based …

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Perf…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
7.0 HIGH
CVE-2026-2913 — libvips source.c vips_source_read_to_memory heap-based overflow

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffe…

libvips | Memory Corruption
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2026-2912 — code-projects Online Reviewer System studentresult-view.php sql injection

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation…

online_reviewer_system | Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2911 — Tenda FH451 GstDhcpSetSer buffer overflow

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to…

fh451_firmware fh451 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2910 — Tenda HG9 formPing6 stack-based overflow

A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer …

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2909 — Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pi…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2908 — Tenda HG9 Loopback Detection Configuration Endpoint formLoopBack stack-based overflow

A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configura…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2907 — Tenda HG9 GPON Configuration Endpoint formgponConf stack-based overflow

A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This …

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2906 — Tenda HG9 Samba Configuration Endpoint formSamba stack-based overflow

A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argum…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2905 — Tenda HG9 Wireless Configuration Endpoint formWlanSetup stack-based overflow

A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the ar…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2904 — UTT HiPER 810G ConfigExceptAli strcpy buffer overflow

A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack c…

810g_firmware 810g | Remote | Memory Corruption
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2903 — skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca…

re2c | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2026-2898 — funadmin Backend Endpoint AuthCloudService.php getMember deserialization

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipula…

funadmin | Remote | Injection
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2897 — funadmin Backend index.html cross site scripting

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The m…

funadmin | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-2896 — funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipul…

funadmin | Remote | Authorization
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-2895 — funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argumen…

funadmin | Remote | Authentication
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2026-2894 — funadmin forget.html getMember information disclosure

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to inform…

funadmin | Remote | Information Disclosure
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2889 — CCExtractor mp4.c processmp4 use after free

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only…

| Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
5.5 MEDIUM
CVE-2026-2887 — aardappel lobster idents.h TypeName recursion

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrol…

lobster | Denial of Service
Feb 21, 2026 Feb 26, 2026
Feb 21, 2026
Feb 26, 2026
9.0 HIGH
CVE-2026-2886 — Tenda A21 SetOnlineDevName set_device_name stack-based overflow

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffe…

a21_firmware a21 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
Showing 20 of 5272 Results