Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-2959 — D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url r…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
Feb 23, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2958 — D-Link DWR-M960 formWsc sub_457C5C stack-based overflow

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-bas…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
Feb 23, 2026
Feb 23, 2026
9.1 CRITICAL
CVE-2026-2588 — Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bi…

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium…

crypt\ | Remote | Memory Corruption
Feb 23, 2026 Mar 04, 2026
Feb 23, 2026
Mar 04, 2026
8.1 HIGH
CVE-2026-2957 — qinming99 dst-admin File BackupController.java deleteBackup denial of service

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the compone…

dst-admin | Remote | Denial of Service
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-2956 — qinming99 dst-admin restore revertBackup command injection

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command inje…

dst-admin | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-2954 — Dromara UJCMS ImportDataController import-channel importChanel injection

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a ma…

ujcms | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2019-25462 — Web Ofisi Rent a Car v3 SQL Injection via klima Parameter

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25461 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers…

ticaret platinum_e-ticaret | Remote | Injection
Feb 22, 2026 Mar 10, 2026
Feb 22, 2026
Mar 10, 2026
8.8 HIGH
CVE-2019-25460 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attac…

ticaret platinum_e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2019-25459 — Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2019-25458 — Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can sen…

firma_rehberi | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25457 — Web Ofisi Firma v13 SQL Injection via oz Parameter

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can …

firma | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.1 CRITICAL
CVE-2019-25456 — Web Ofisi Emlak v2 SQL Injection via ara Parameter

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can se…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25455 — Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send…

ticaret e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.1 CRITICAL
CVE-2026-2953 — Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulatio…

ujcms | Remote | Path Traversal
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-2952 — Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxar…

vaelsys | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-2947 — rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U…

forest | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2019-25452 — Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attack…

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
7.5 HIGH
CVE-2019-25450 — Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can …

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25446 — DIGIT CENTRIS ERP Every version SQL Injection via datum1 Parameter

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameter…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
Showing 20 of 5313 Results