Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-2148 — Tenda AC21 Web Management DownloadFlash information disclosure

A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation le…

ac21_firmware ac21 | Remote | Information Disclosure
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
5.5 MEDIUM
CVE-2026-2147 — Tenda AC21 Web Management DownloadLog information disclosure

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lea…

ac21_firmware ac21 | Remote | Information Disclosure
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2146 — guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfo…

yshopmall | Remote | Misconfiguration
Feb 08, 2026 Feb 17, 2026
Feb 08, 2026
Feb 17, 2026
5.4 MEDIUM
CVE-2026-2145 — cym1102 nginxWebUI Web Management check cross site scripting

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipul…

nginxwebui | Remote | Cross-Site Scripting
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
8.3 HIGH
CVE-2026-2143 — D-Link DIR-823X DDNS Service set_ddns os command injection

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the ar…

dir-823x_firmware dir-823x | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.3 HIGH
CVE-2026-2142 — D-Link DIR-823X set_qos sub_420688 os command injection

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. Th…

dir-823x_firmware dir-823x | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2141 — WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.…

wukongcrm | Remote | Authorization
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
9.0 HIGH
CVE-2026-2140 — Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceLis…

tx9_firmware tx9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2139 — Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow

A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argu…

tx9_firmware tx9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2138 — Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer over…

tx9_firmware tx9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2137 — Tenda TX3 SetIpMacBind buffer overflow

A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow.…

tx3_firmware tx3 | Remote | Memory Corruption
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-2136 — projectworlds Online Food Ordering System view-ticket.php sql injection

A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql inje…

online_food_ordering_system | Remote | Injection
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-2135 — UTT HiPER 810 formPdbUpConfig sub_43F020 command injection

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames …

810_firmware 810 | Remote | Injection
Feb 08, 2026 Feb 13, 2026
Feb 08, 2026
Feb 13, 2026
7.2 HIGH
CVE-2026-2134 — PHPGurukul Hospital Management System manage-doctors.php sql injection

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of th…

hospital_management_system hospital_management_system | Remote | Injection
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
9.8 CRITICAL
CVE-2026-2133 — code-projects Online Music Site AdminUpdateCategory.php unrestricted upload

A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtima…

online_music_site | Remote | Misconfiguration
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2132 — code-projects Online Music Site AdminUpdateCategory.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the …

online_music_site | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2131 — XixianLiang HarmonyOS-mcp-server input_text os command injection

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remo…

harmonyos_mcp_server | Remote | Injection
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-2130 — BurtTheCoder mcp-maigret search_username index.ts command injection

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argume…

maigret_mcp_server | Remote | Injection
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2026-2209 — WeKan Custom Translation translationBody.js setCreateTranslation improper authorization

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translati…

wekan | Remote | Authorization
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
6.5 MEDIUM
CVE-2026-2208 — WeKan Rules rules.js RulesBleed authorization

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to miss…

wekan | Remote | Authorization
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
Showing 20 of 5134 Results