Live CVE Feed

Curated from global sources like ENISA EUVD and CVE Details

  • CVE-2026-2167 - Totolink WA300 cstecgi.cgi setAPNetwork os command injection

    CVE ID: CVE-2026-2167
    Published: Feb. 8, 2026, 5:02 p.m. | 26 minutes ago
    Description: A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
    Severity: 0.0 | NA

  • CVE-2026-2166 - code-projects Online Reviewer System Login index.php sql injection

    CVE ID: CVE-2026-2166
    Published: Feb. 8, 2026, 5:02 p.m. | 26 minutes ago
    Description: A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
    Severity: 0.0 | NA

  • CVE-2026-2165 - detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication

    CVE ID: CVE-2026-2165
    Published: Feb. 8, 2026, 4:32 p.m. | 56 minutes ago
    Description: A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
    Severity: 0.0 | NA

  • CVE-2026-2164 - detronetdip E-commerce addadhar.php unrestricted upload

    CVE ID: CVE-2026-2164
    Published: Feb. 8, 2026, 4:32 p.m. | 56 minutes ago
    Description: A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
    Severity: 0.0 | NA

  • CVE-2026-2163 - D-Link DIR-600 ssdp.cgi command injection

    CVE ID: CVE-2026-2163
    Published: Feb. 8, 2026, 4:32 p.m. | 56 minutes ago
    Description: A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
    Severity: 0.0 | NA

  • CVE-2026-2160 - SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

    CVE ID: CVE-2026-2160
    Published: Feb. 8, 2026, 4:15 p.m. | 1 hour, 12 minutes ago
    Description: A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    Severity: 5.3 | MEDIUM

  • CVE-2026-2161 - itsourcecode Directory Management System forget-password.php sql injection

    CVE ID: CVE-2026-2161
    Published: Feb. 8, 2026, 4:15 p.m. | 1 hour, 12 minutes ago
    Description: A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
    Severity: 7.5 | HIGH

  • CVE-2026-2162 - itsourcecode News Portal Project aboutus.php sql injection

    CVE ID: CVE-2026-2162
    Published: Feb. 8, 2026, 4:15 p.m. | 1 hour, 12 minutes ago
    Description: A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
    Severity: 5.8 | MEDIUM

  • CVE-2026-2159 - SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting

    CVE ID: CVE-2026-2159
    Published: Feb. 8, 2026, 4:15 p.m. | 1 hour, 12 minutes ago
    Description: A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
    Severity: 5.3 | MEDIUM

  • CVE-2026-2157 - D-Link DIR-823X set_static_route_table sub_4175CC os command injection

    CVE ID: CVE-2026-2157
    Published: Feb. 8, 2026, 3:15 p.m. | 2 hours, 12 minutes ago
    Description: A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    Severity: 8.3 | HIGH

  • Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast
    on February 8, 2026 at 9:00 am

    Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform Global Threat Map is an open-s ...
    Published Date: Feb 08, 2026 (8 hours, 28 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2026-21509, CVE-2026-24423, CVE-2025-12743, CVE-2025-22225

  • CVE-2026-1868: Critical GitLab Gateway Flaw (CVSS 9.9) Allows RCE
    on February 8, 2026 at 7:26 am

    GitLab has issued an urgent security alert for organizations running self-hosted versions of its AI Gateway, warning of a critical vulnerability that could allow attackers to crash services or execute ...
    Published Date: Feb 08, 2026 (10 hours, 2 minutes ago)
    Vulnerabilities have been mentioned in this article.

  • Apple’s Golden Jubilee: Foldables, “Synthetic” Siri, and the Rise of Tim Cook’s Successor
    on February 8, 2026 at 6:35 am

    As Apple approaches its momentous 50th anniversary on April 1, 2026, the global community watches with bated breath to discern its next strategic evolution. Beyond the allure of impending hardware, a ...
    Published Date: Feb 08, 2026 (10 hours, 53 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2021-44228

  • BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
    on February 7, 2026 at 8:34 am

    BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remo ...
    Published Date: Feb 07, 2026 (1 day, 8 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-1731

  • What CISA KEV Is and Isn’t – and a Tool to Help Guide Security Teams
    on February 6, 2026 at 7:41 pm

    A new paper gives an insider’s perspective into CISA’s Known Exploited Vulnerability catalog – and also offers a free tool to help security teams use the CISA KEV catalog more effectively. The paper, ...
    Published Date: Feb 06, 2026 (1 day, 21 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-25049, CVE-2022-21894

  • CISA Adds SmarterMail and React Native CLI Flaws to KEV Catalog
    on February 6, 2026 at 5:26 pm

    February 6, 2026: U.S. CISA has escalated two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2026-24423 in SmarterTools Sma ...
    Published Date: Feb 06, 2026 (2 days ago)
    Vulnerabilities mentioned in this article: CVE-2026-24423, CVE-2025-11953, CVE-2025-24813

  • Autoriteit Persoonsgegevens and Raad voor de rechtspraak hacked via Ivanti vulnerability
    on February 6, 2026 at 3:28 pm

    Attackers succeeded in hacking the Ivanti EPMM server of the Autoriteit Persoonsgegevens (AP) and the Raad voor de rechtspraak. In the case of the AP, the attackers gained access to work ...
    Published Date: Feb 06, 2026 (2 days, 2 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-1340, CVE-2026-1281

  • Poland’s energy control systems were breached through exposed VPN access
    on February 6, 2026 at 2:27 pm

    On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a pri ...
    Published Date: Feb 06, 2026 (2 days, 3 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24423, CVE-2025-59718

  • The Good, the Bad and the Ugly in Cybersecurity – Week 6
    on February 6, 2026 at 2:00 pm

    The Good | Former Google Engineer Steals AI Supercomputing Secrets for China
    Former Google software engineer Linwei Ding has been found guilty of economic espionage and trade secret theft after steali ...
    Published Date: Feb 06, 2026 (2 days, 3 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-25253

  • 17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
    on February 6, 2026 at 12:58 pm

    Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000 stars on GitHub, OpenClaw is being exploited to steal crypto keys and install macOS m ...
    Published Date: Feb 06, 2026 (2 days, 4 hours ago)
    Vulnerabilities mentioned in this article: CVE-2025-55182

  • Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
    on February 6, 2026 at 10:42 am

    For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this ...
    Published Date: Feb 06, 2026 (2 days, 6 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24423, CVE-2026-23760, CVE-2025-52691, CVE-2025-22225

  • CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exposes HSMs
    on February 6, 2026 at 9:07 am

    IBM has issued a critical security bulletin for its Common Cryptographic Architecture (CCA), a core component used to interface with the company’s high-security hardware modules. The vulnerability, tr ...
    Published Date: Feb 06, 2026 (2 days, 8 hours ago)
    Vulnerabilities mentioned in this article: CVE-2025-13375, CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2024-41787, CVE-2024-49803

  • Fortinet warns of SQL injection vulnerability in FortiClientEMS
    on February 6, 2026 at 8:52 am

    Fortinet is warning customers of a critical vulnerability in FortiClientEMS that makes SQL injection possible. Two years ago, a different SQL injection vulnerability was actively exploited in ...
    Published Date: Feb 06, 2026 (2 days, 8 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-21643, CVE-2023-48788

  • SmarterMail servers attacked via critical RCE vulnerability
    on February 6, 2026 at 8:36 am

    Attackers are actively exploiting a critical vulnerability in SmarterMail that allows vulnerable servers to be taken over remotely, the US cyber agency CISA warns. Three weeks ...
    Published Date: Feb 06, 2026 (2 days, 8 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24423, CVE-2026-23760

  • February 2026 Patch Tuesday forecast: Lots of OOB love this month
    on February 6, 2026 at 7:42 am

    Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 v ...
    Published Date: Feb 06, 2026 (2 days, 9 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-21509, CVE-2025-12743, CVE-2025-8088, CVE-2025-22225

  • F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
    on February 6, 2026 at 6:18 am

    F5 released its February 2026 Quarterly Security Notification on February 4, announcing several medium and low-severity CVEs, plus a security exposure affecting BIG ...
    Published Date: Feb 06, 2026 (2 days, 11 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-22549, CVE-2026-22548, CVE-2026-20732, CVE-2026-20730, CVE-2026-1642

  • CISA Warns of React Native Community Command Injection Vulnerability Exploited in Attacks
    on February 6, 2026 at 6:03 am

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-11953 to its Known Exploited Vulnerabilities (KEV) catalog, flagging an OS comma ...
    Published Date: Feb 06, 2026 (2 days, 11 hours ago)
    Vulnerabilities mentioned in this article: CVE-2025-11953

  • New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released
    on February 6, 2026 at 2:39 am

    A critical use-after-free (UAF) vulnerability in the Linux kernel’s sch_cake queuing discipline (Qdisc) affects CentOS 9, allowing local users to gain root privileges. Security ...
    Published Date: Feb 06, 2026 (2 days, 14 hours ago)
    Vulnerabilities mentioned in this article: CVE-2022-50452

  • The Invisible Landlord: ShadowSyndicate Rotates Keys to Hide Infrastructure
    on February 6, 2026 at 12:42 am

    [Figure: Group-IB Graph analysis of the network infrastructure related to ALPHVBlackCat | Image: Group-IB]
    The sprawling, murky network known as ShadowSyndicate has evolved. Previously identified by a singular, ...
    Published Date: Feb 06, 2026 (2 days, 16 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2024-23334

  • Popular n8n Platform Hit by Triple Threat of RCE Flaws
    on February 6, 2026 at 12:39 am

    The n8n workflow automation platform, a favorite among technical teams for its “fair-code” flexibility and AI capabilities, has been struck by a cluster of critical security vulnerabilities. Security ...
    Published Date: Feb 06, 2026 (2 days, 16 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-25056, CVE-2026-25053, CVE-2026-25049, CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2026-21877, CVE-2026-21858, CVE-2025-68668, CVE-2025-68613

  • The Invisible Proxy: NGINX Hijacked for Silent SEO Poisoning
    on February 6, 2026 at 12:33 am

    [Figure: NGINX attack flow diagram showing how user requests are intercepted and routed through attacker-controlled servers | Image: Datadog Security Research]
    A new campaign is targeting the backbone of the we ...
    Published Date: Feb 06, 2026 (2 days, 16 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2025-1974

  • 4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE
    on February 6, 2026 at 12:23 am

    A critical vulnerability has been discovered in the unstructured library, a powerhouse tool used by developers to prep data for Large Language Models (LLMs). With over 4 million monthly downloads, the ...
    Published Date: Feb 06, 2026 (2 days, 17 hours ago)
    Vulnerabilities mentioned in this article: CVE-2025-64712, CVE-2026-24858, CVE-2026-21509, CVE-2026-20045

  • Cloud-Hosted Trap: Phishers Use Vercel & Telegram to Bypass Filters
    on February 6, 2026 at 12:11 am

    Phishing attacks have evolved from simple “click here” links to complex, multi-stage puzzles designed to baffle security scanners. A new report from the X-Labs team uncovers ...
    Published Date: Feb 06, 2026 (2 days, 17 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2025-57807

  • “PDF” Poison: Popular JavaScript Library Patches Critical Injection and Crash Flaws
    on February 6, 2026 at 12:07 am

    Developers using jsPDF, a widely adopted library for generating PDF files directly in the browser, are being urged to update their software immediately following the discovery of two high-severity vul ...
    Published Date: Feb 06, 2026 (2 days, 17 hours ago)
    Vulnerabilities mentioned in this article: CVE-2026-24737, CVE-2026-24133, CVE-2026-24858, CVE-2026-21509, CVE-2026-20045, CVE-2025-68428, CVE-2025-57803

severity high

  • CVE-2026-2157 - D-Link DIR-823X set_static_route_table sub_4175CC os command injection

    CVE ID: CVE-2026-2157
    Published: Feb. 8, 2026, 3:15 p.m. | 2 hours, 12 minutes ago
    Description: A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    Severity: 8.3 | HIGH

  • CVE-2026-2155 - D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

    CVE ID: CVE-2026-2155
    Published: Feb. 8, 2026, 2:16 p.m. | 3 hours, 12 minutes ago
    Description: A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
    Severity: 8.3 | HIGH

  • CVE-2026-2152 - D-Link DIR-615 Web Configuration adv_routing.php os command injection

    CVE ID: CVE-2026-2152
    Published: Feb. 8, 2026, 1:16 p.m. | 4 hours, 12 minutes ago
    Description: A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
    Severity: 8.3 | HIGH

  • CVE-2026-2151 - D-Link DIR-615 DMZ Host Feature adv_firewall.php os command injection

    CVE ID: CVE-2026-2151
    Published: Feb. 8, 2026, 12:15 p.m. | 5 hours, 12 minutes ago
    Description: A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
    Severity: 8.3 | HIGH

  • CVE-2026-2143 - D-Link DIR-823X DDNS Service set_ddns os command injection

    CVE ID: CVE-2026-2143
    Published: Feb. 8, 2026, 9:15 a.m. | 8 hours, 12 minutes ago
    Description: A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
    Severity: 8.3 | HIGH

  • CVE-2026-2142 - D-Link DIR-823X set_qos sub_420688 os command injection

    CVE ID: CVE-2026-2142
    Published: Feb. 8, 2026, 8:15 a.m. | 9 hours, 12 minutes ago
    Description: A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
    Severity: 8.3 | HIGH

  • CVE-2026-2140 - Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow

    CVE ID: CVE-2026-2140
    Published: Feb. 8, 2026, 7:16 a.m. | 10 hours, 12 minutes ago
    Description: A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
    Severity: 9.0 | HIGH

  • CVE-2026-2139 - Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow

    CVE ID: CVE-2026-2139
    Published: Feb. 8, 2026, 7:15 a.m. | 10 hours, 12 minutes ago
    Description: A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
    Severity: 9.0 | HIGH

  • CVE-2026-2138 - Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow

    CVE ID: CVE-2026-2138
    Published: Feb. 8, 2026, 6:16 a.m. | 11 hours, 12 minutes ago
    Description: A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
    Severity: 9.0 | HIGH

  • CVE-2026-2137 - Tenda TX3 SetIpMacBind buffer overflow

    CVE ID: CVE-2026-2137
    Published: Feb. 8, 2026, 6:16 a.m. | 11 hours, 12 minutes ago
    Description: A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    Severity: 9.0 | HIGH
