Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2026-2882

    A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 21, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2883

    A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely.... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 21, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2929

    A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow.... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 22, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2958

    A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely.... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 23, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2884

    A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-ba... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 21, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2885

    A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be perfor... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 21, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2026-25998

    strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global dat... Read more

    Affected Products : strongman
    • Published: Feb. 19, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Cryptography

  • 9.0

    HIGH
    CVE-2026-2925

    A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 22, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2926

    A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflo... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 22, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2026-21722

    Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the lock... Read more

    Affected Products : grafana
    • Published: Feb. 12, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-41117

    Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API ap... Read more

    Affected Products : grafana
    • Published: Feb. 12, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-26278

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. W... Read more

    Affected Products : fast-xml-parser fast-xml-parser
    • Published: Feb. 19, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: XML External Entity

  • 9.0

    HIGH
    CVE-2026-2927

    A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 22, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2928

    A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based ... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 22, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2959

    A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitati... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 23, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2026-27013

    Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values that are i... Read more

    Affected Products : fabric.js
    • Published: Feb. 19, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2026-2960

    A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed re... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 23, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2961

    A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer ove... Read more

    Affected Products : dwr-m960_firmware dwr-m960
    • Published: Feb. 23, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-26464

    Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can ... Read more

    Affected Products :
    • Published: Feb. 23, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2026-26345

    SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately sanitize user-controlled content, allowing authenticate... Read more

    Affected Products : spip
    • Published: Feb. 19, 2026
    • Modified: Feb. 23, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4592 Results