Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2026-2943

    A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The atta... Read more

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-2940

    A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-b... Read more

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-2939

    A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch ... Read more

    Affected Products : school_management_system
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2026-1615

    Versions of the package jsonpath from 0.0.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle u... Read more

    Affected Products :
    • Published: Feb. 09, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2938

    A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to i... Read more

    Affected Products : student_result_management_system
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2026-2935

    A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remote... Read more

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2026-2934

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site sc... Read more

    Affected Products : yifang
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2026-2385

    The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the ... Read more

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2026-2933

    A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting.... Read more

    Affected Products : yifang
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2026-2932

    A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results ... Read more

    Affected Products : yifang
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-2930

    A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflo... Read more

    Affected Products : a18_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2929

    A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow.... Read more

    Affected Products : dwr-m960_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-1369

    The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue... Read more

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2026-2928

    A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based ... Read more

    Affected Products : dwr-m960_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2927

    A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack... Read more

    Affected Products : dwr-m960_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2926

    A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflo... Read more

    Affected Products : dwr-m960_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-2925

    A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results... Read more

    Affected Products : dwr-m960_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2026-2913

    A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the l... Read more

    Affected Products : libvips
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-2912

    A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is... Read more

    Affected Products : online_reviewer_system
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2026-2911

    A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disc... Read more

    Affected Products : fh451_firmware
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4563 Results