Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-9438 — yashpokharna2555 StudentManagementSystem courseDel.php resource injection

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the arg…

studentmanagementsystem | Remote | Path Traversal
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9437 — DTStack Taier REST API Runtime.exec os command injection

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The at…

taier | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9436 — Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Execut…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9435 — Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Perfor…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-4915 — Server panic via outgoing webhook responses

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an …

mattermost_server legal_hold | Remote | Denial of Service
May 25, 2026 Jun 01, 2026
May 25, 2026
Jun 01, 2026
6.1 MEDIUM
CVE-2026-45249 — Apache ECharts: XSS in Lines series tooltip rendering

A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0,…

echarts | Remote | Cross-Site Scripting
May 25, 2026 May 28, 2026
May 25, 2026
May 28, 2026
10.0 HIGH
CVE-2026-9434 — Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9433 — Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
10.0 HIGH
CVE-2026-9432 — Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managemen…

a8000ru_firmware | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9431 — Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow

A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based b…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9430 — Tenda F1202 GstDhcpSetSerof formGstDhcpSetSer stack-based overflow

A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dip…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9429 — Tenda F1202 WrlExtraSet formWrlExtraSet stack-based overflow

A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9428 — Tenda F1202 PPTPUserSetting fromPPTPUserSetting stack-based overflow

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-b…

f1202_firmware | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-41863 — LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI s…

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the int…

spring_ai | Remote | Path Traversal
May 25, 2026 Jun 01, 2026
May 25, 2026
Jun 01, 2026
9.0 CRITICAL
CVE-2026-2651 — Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce …

mlflow | Remote | Authorization
May 25, 2026 Jun 04, 2026
May 25, 2026
Jun 04, 2026
8.1 HIGH
CVE-2026-25193 — Gallagher Command Centre Service Account Credentials Exposure

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that install Co…

| Information Disclosure
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9427 — Edimax EW-7438RPn webs formWlSiteSurvey stack-based overflow

A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submi…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9426 — Edimax EW-7438RPn formHwSet stack-based overflow

A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wla…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
9.0 HIGH
CVE-2026-9425 — Edimax EW-7438RPn formWlanMP stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/…

ew-7438rpn | Remote | Memory Corruption
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
6.5 MEDIUM
CVE-2026-9424 — Edimax EW-7438RPn Content-Type formWlanMP os command injection

A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio…

ew-7438rpn | Remote | Injection
May 25, 2026 May 26, 2026
May 25, 2026
May 26, 2026
Showing 20 of 6714 Results