Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-4222 — SSCMS download PathUtils.RemoveParentPath path traversal

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of t…

Remote | Path Traversal
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4221 — Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the …

Remote | Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4220 — Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argu…

Remote | Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
3.3 LOW
CVE-2026-4219 — INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfi…

A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event…

| Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
2.5 LOW
CVE-2026-4218 — myAEDES App aedes.me.beta EngageBayUtils.java information disclosure

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a m…

| Information Disclosure
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
2.5 LOW
CVE-2026-4217 — XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the com…

| Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-4216 — i-SENS SmartLog App air.SmartLog.android hard-coded credentials

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. …

| Authentication
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4215 — FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java…

Remote | Server-Side Request Forgery
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
9.0 HIGH
CVE-2026-4214 — D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
9.0 HIGH
CVE-2026-4213 — D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
9.0 HIGH
CVE-2026-4212 — D-Link DNS-1550-04 download_mgr.cgi Downloads_Schedule_Info stack-based overflow

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
9.0 HIGH
CVE-2026-4211 — D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Memory Corruption
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4210 — D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, D…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4209 — D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4207 — D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4206 — D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4205 — D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4204 — D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-4203 — D-Link DNS-1550-04 network_mgr.cgi cgi_dhcpd command injection

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-…

Remote | Injection
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-4201 — glowxq glowxq-oj SysFileController.java upload unrestricted upload

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/co…

Remote | Misconfiguration
Mar 16, 2026 Mar 16, 2026
Mar 16, 2026
Mar 16, 2026
Showing 20 of 5295 Results