Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-2147 — Tenda AC21 Web Management DownloadLog information disclosure

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lea…

ac21_firmware ac21 | Remote | Information Disclosure
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2146 — guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfo…

yshopmall | Remote | Misconfiguration
Feb 08, 2026 Feb 17, 2026
Feb 08, 2026
Feb 17, 2026
5.4 MEDIUM
CVE-2026-2145 — cym1102 nginxWebUI Web Management check cross site scripting

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipul…

nginxwebui | Remote | Cross-Site Scripting
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
8.3 HIGH
CVE-2026-2143 — D-Link DIR-823X DDNS Service set_ddns os command injection

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the ar…

dir-823x_firmware dir-823x | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.3 HIGH
CVE-2026-2142 — D-Link DIR-823X set_qos sub_420688 os command injection

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. Th…

dir-823x_firmware dir-823x | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2141 — WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.…

wukongcrm | Remote | Authorization
Feb 08, 2026 Mar 05, 2026
Feb 08, 2026
Mar 05, 2026
9.0 HIGH
CVE-2026-2140 — Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceLis…

tx9_firmware tx9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2139 — Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow

A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argu…

tx9_firmware tx9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
Showing 20 of 5068 Results