Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-9461 — Edimax EW-7438RPn formRadius stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-ba…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9460 — Edimax EW-7438RPn formAccept stack-based overflow

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-ba…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9459 — Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9458 — Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9457 — Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.3 CRITICAL
CVE-2026-9058 — Improper Certificate Verification in Szafir SDK

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") …

Remote | Cryptography
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9456 — Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation …

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9455 — Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9454 — Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command inject…

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Int…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9453 — FoundDream miniclawd SkillsLoader skills-loader.ts which command injection

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component Ski…

miniclawd | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
8.3 HIGH
CVE-2026-7766 — Path Traversal in Kenik cameras

Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the serv…

| Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9452 — FoundDream miniclawd exec.ts ExecTool.execute os command injection

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.…

miniclawd | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9451 — code-projects Employee Management System applyleaveprocess.php sql injection

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulatio…

employee_management_system | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9450 — code-projects Employee Management System psubmit.php sql injection

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql inje…

employee_management_system | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9449 — code-projects Employee Management System changepassemp.php sql injection

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possibl…

employee_management_system | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.0 MEDIUM
CVE-2026-9448 — code-projects Employee Management System applyleave.php cross site scripting

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to c…

employee_management_system | Remote | Cross-Site Scripting
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9447 — SourceCodester Simple POS and Inventory System search.php sql injection

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Na…

simple_pos_and_inventory_system | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.3 MEDIUM
CVE-2026-46745 — Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reach…

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache…

apache-airflow-providers-fab | Remote | Injection
May 25, 2026 May 27, 2026
May 25, 2026
May 27, 2026
5.3 MEDIUM
CVE-2026-40127 — Authorization Bypass Through User-Controlled Key in OutSystems Lifetime

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions perf…

Remote | Authorization
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.8 MEDIUM
CVE-2026-9446 — SourceCodester Simple POS and Inventory System edit_customer.php sql injection

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argume…

simple_pos_and_inventory_system | Remote | Injection
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
Showing 20 of 6704 Results