| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-9520 | IDOR Leading to Owner Account Hijacking in Omada Controller | TP-Link Systems Inc. | Omada Controller | - | - | 2026-01-26 19:34:45 | Deep Dive |
| CVE-2025-14756 | Authenticated Command Injection Vulnerability in Archer MR600 | TP-Link Systems Inc. | Archer MR600 v5.0 | - | - | 2026-01-26 18:17:09 | Deep Dive |
| CVE-2026-1419 | D-Link DCS700l Web Form setDayNightMode command injection | D-Link | DCS700l | Medium | 4.7 | 2026-01-26 04:32:09 | Deep Dive |
| CVE-2025-9290 | Authentication Weakness on Omada Controllers, Gateways and Access Points | TP-Link Systems Inc. | Omada Software Controller | 中危 | - | 2026-01-22 23:14:46 | Deep Dive |
| CVE-2025-9289 | Cross-Site Scripting (XSS) on Omada Controllers | TP-Link Systems Inc. | Omada Software Controller | - | - | 2026-01-22 21:48:36 | Deep Dive |
| CVE-2025-62077 | WordPress Affiliate Link Tracker plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | SEOSEON EUROPE S.L | Affiliate Link Tracker | - | - | 2026-01-22 16:51:47 | Deep Dive |
| CVE-2026-23754 | D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover | D-Link | D-View 8 | - | - | 2026-01-21 18:02:46 | Deep Dive |
| CVE-2026-23755 | D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path | D-Link | D-View 8 | - | - | 2026-01-21 18:02:30 | Deep Dive |
| CVE-2026-0834 | Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13 | TP-Link Systems Inc. | Archer C20 v6.0, Archer AX53 v1.0 | - | - | 2026-01-21 17:14:55 | Deep Dive |
| CVE-2026-1125 | D-Link DIR-823X set_wifidog_settings sub_412E7C command injection | D-Link | DIR-823X | High | 7.3 | 2026-01-18 16:02:09 | Deep Dive |
| CVE-2026-0629 | Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras | TP-Link Systems Inc. | VIGI InSight Sx45 Series (S245/S345/S445) | 高危 | - | 2026-01-16 17:24:39 | Deep Dive |
| CVE-2025-9014 | Null Pointer Dereference Vulnerability on TL-WR841N | TP-Link Systems Inc. | TL-WR841N v14 | - | - | 2026-01-15 17:36:06 | Deep Dive |
| CVE-2026-0813 | Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page | prasannasp | Short Link | Medium | 4.4 | 2026-01-14 06:40:06 | Deep Dive |
| CVE-2025-14725 | Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings | sablab | Internal Link Builder | Medium | 4.4 | 2026-01-14 05:28:05 | Deep Dive |
| CVE-2025-15035 | Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75 | TP-Link Systems Inc. | Archer AXE75 v1.6 | 中危 | - | 2026-01-09 17:10:39 | Deep Dive |
| CVE-2026-0732 | D-Link DI-8200G upgrade_filter.asp command injection | D-Link | DI-8200G | Medium | 6.3 | 2026-01-08 23:32:08 | Deep Dive |
| CVE-2025-67927 | WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability | Spencer Haws | Link Whisper Free | High | 7.1 | 2026-01-08 09:17:48 | Deep Dive |
| CVE-2025-14631 | Null Pointer Dereference Vulnerability in Malformed 802.11 Frame of TP-Link Archer BE400 | TP-Link Systems Inc. | Archer BE400 | 高危 | - | 2026-01-07 01:04:27 | Deep Dive |
| CVE-2026-0625 | D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint | D-Link | DSL-2640B | 超危 | - | 2026-01-05 21:14:49 | Deep Dive |
| CVE-2025-15391 | D-Link DIR-806A SSDP Request ssdpcgi_main command injection | D-Link | DIR-806A | Medium | 6.3 | 2025-12-31 17:32:07 | Deep Dive |