Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-4199 — bazinga012 mcp_code_executor index.ts installDependencies command injection

A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj…

| Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-4198 — hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj…

| Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4197 — D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4196 — D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4195 — D-Link DNS-1550-04 wizard_mgr.cgi command injection

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4194 — D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-…

Remote | Authorization
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4193 — D-Link DIR-823G goahead UpdateClientInfo access control

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/G…

Remote | Authorization
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4192 — AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command inje…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4191 — JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestrict…

Remote | Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4190 — JawherKl node-api-postgres user.js User.getAll sql injection

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection.…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
5.8 MEDIUM
CVE-2026-4189 — phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipul…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
9.0 HIGH
CVE-2026-4188 — D-Link DIR-619L boa formSchedule stack-based overflow

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of t…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
5.5 MEDIUM
CVE-2026-4187 — Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp miss…

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier…

Remote | Authentication
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
5.1 MEDIUM
CVE-2026-4186 — UEditor JSONP Callback controller.php cross site scripting

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This man…

Remote | Cross-Site Scripting
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4185 — GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box.…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
10.0 HIGH
CVE-2026-4184 — D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a …

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
10.0 HIGH
CVE-2026-4183 — D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the …

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
10.0 HIGH
CVE-2026-4182 — D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument …

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
10.0 HIGH
CVE-2026-4181 — D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow

A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4180 — D-Link DIR-816 goahead redirect.asp access control

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id le…

Remote | Authorization
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
Showing 20 of 5274 Results