Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-45249 — Apache ECharts: XSS in Lines series tooltip rendering

A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0,…

echarts | Remote | Cross-Site Scripting
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
10.0 HIGH
CVE-2026-9434 — Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9433 — Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9432 — Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managemen…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9431 — Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow

A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based b…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9430 — Tenda F1202 GstDhcpSetSerof formGstDhcpSetSer stack-based overflow

A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dip…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9429 — Tenda F1202 WrlExtraSet formWrlExtraSet stack-based overflow

A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9428 — Tenda F1202 PPTPUserSetting fromPPTPUserSetting stack-based overflow

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-b…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-41863 — LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI s…

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the int…

spring_ai | Remote | Path Traversal
May 25, 2026 Jun 01, 2026
May 25, 2026
Jun 01, 2026
9.0 CRITICAL
CVE-2026-2651 — Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce …

mlflow | Remote | Authorization
May 25, 2026 Jun 04, 2026
May 25, 2026
Jun 04, 2026
8.1 HIGH
CVE-2026-25193 — Gallagher Command Centre Service Account Credentials Exposure

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that install Co…

| Information Disclosure
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9427 — Edimax EW-7438RPn webs formWlSiteSurvey stack-based overflow

A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submi…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9426 — Edimax EW-7438RPn formHwSet stack-based overflow

A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wla…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9425 — Edimax EW-7438RPn formWlanMP stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9424 — Edimax EW-7438RPn Content-Type formWlanMP os command injection

A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio…

ew-7438rpn | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.8 MEDIUM
CVE-2026-9423 — Edimax BR-6675nD POST Request mp command injection

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument comma…

br-6675nd | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9422 — KLiK SocialMediaWebsite HTTP POST Request Parameter injection

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. T…

klik_socialmediawebsite | Remote | Injection
May 25, 2026 May 29, 2026
May 25, 2026
May 29, 2026
7.5 HIGH
CVE-2026-9421 — KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrest…

klik_socialmediawebsite | Remote | Authentication
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
7.5 HIGH
CVE-2026-9420 — KLiK SocialMediaWebsite HTTP GET Request Parameter injection

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to la…

klik_socialmediawebsite | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
5.0 MEDIUM
CVE-2026-9419 — code-projects Employee Management System empproject.php cross site scripting

A vulnerability has been found in code-projects Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /empproject.php. The manipulation of the argument ID l…

employee_management_system | Remote | Cross-Site Scripting
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
Showing 20 of 6764 Results