Latest CVE Feed
-
9.3
CRITICALCVE-2026-24399
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be proces... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-62616
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession... Read more
Affected Products : autogpt_platform- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Server-Side Request Forgery
-
9.3
CRITICALCVE-2025-59090
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-59097
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuratio... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2020-37135
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative ac... Read more
Affected Products : amss\+\+- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2026-1483
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ve... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1482
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_evaluacion' in '/evaluacion_objetivos... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1480
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_an... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1478
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/eva... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-64691
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.... Read more
Affected Products : process_optimization- Published: Jan. 16, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passe... Read more
Affected Products : evershop- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1473
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario’ in '/evaluacion_competencias... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2020-37092
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full adm... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2026-1479
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion’ in ‘/ev... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-61943
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in com... Read more
Affected Products : process_optimization- Published: Jan. 16, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1632
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2026-1481
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_an... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2026-1472
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_auto... Read more
Affected Products : evaluacion_de_desempeno- Published: Jan. 27, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-65078
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2026-25814
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.... Read more
Affected Products : placipy- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection