Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-2907 — Tenda HG9 GPON Configuration Endpoint formgponConf stack-based overflow

A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This …

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2906 — Tenda HG9 Samba Configuration Endpoint formSamba stack-based overflow

A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argum…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2905 — Tenda HG9 Wireless Configuration Endpoint formWlanSetup stack-based overflow

A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the ar…

hg9_firmware hg9 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2904 — UTT HiPER 810G ConfigExceptAli strcpy buffer overflow

A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack c…

810g_firmware 810g | Remote | Memory Corruption
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2903 — skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca…

re2c | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2026-2898 — funadmin Backend Endpoint AuthCloudService.php getMember deserialization

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipula…

funadmin | Remote | Injection
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2897 — funadmin Backend index.html cross site scripting

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The m…

funadmin | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-2896 — funadmin Configuration Ajax.php setConfig improper authorization

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipul…

funadmin | Remote | Authorization
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-2895 — funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argumen…

funadmin | Remote | Authentication
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
9.1 CRITICAL
CVE-2026-2894 — funadmin forget.html getMember information disclosure

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to inform…

funadmin | Remote | Information Disclosure
Feb 21, 2026 Feb 24, 2026
Feb 21, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2889 — CCExtractor mp4.c processmp4 use after free

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only…

| Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
5.5 MEDIUM
CVE-2026-2887 — aardappel lobster idents.h TypeName recursion

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrol…

lobster | Denial of Service
Feb 21, 2026 Feb 26, 2026
Feb 21, 2026
Feb 26, 2026
9.0 HIGH
CVE-2026-2886 — Tenda A21 SetOnlineDevName set_device_name stack-based overflow

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffe…

a21_firmware a21 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2885 — D-Link DWR-M960 formIpv6Setup sub_469104 stack-based overflow

A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results …

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2884 — D-Link DWR-M960 WAN Interface Setting formWanConfigSetup sub_41914C stack-based overflow

A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The m…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2883 — D-Link DWR-M960 formIpQoS sub_427D74 stack-based overflow

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-bas…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2882 — D-Link DWR-M960 formDosCfg sub_46385C stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2881 — D-Link DWR-M960 Advanced Firewall Configuration Endpoint formFirewallAdv sub_425FF8 stack…

A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endp…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2877 — Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow

A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_cryp…

a18_firmware a18 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2876 — Tenda A18 setBlackRule parse_macfilter_rule stack-based overflow

A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-bas…

a18_firmware a18 | Remote | Memory Corruption
Feb 21, 2026 Feb 23, 2026
Feb 21, 2026
Feb 23, 2026
Showing 20 of 5265 Results