Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2019-25442 — Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GE…

web_wiz_forums | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25440 — WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET …

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25439 — NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can cr…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25433 — XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET re…

xoops | Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25391 — Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POS…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25366 — microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attack…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-2946 — rymcu forest Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cr…

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o…

forest | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2026-2945 — JeecgBoot uploadImgByHttp server-side request forgery

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl…

jeecg_boot | Remote | Server-Side Request Forgery
Feb 22, 2026 Mar 03, 2026
Feb 22, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-2944 — Tosei Online Store Management System ネット店舗管理システム HTTP POST Request monitor.php system os …

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handl…

online_store_management_system | Remote | Injection
Feb 22, 2026 Feb 26, 2026
Feb 22, 2026
Feb 26, 2026
5.3 MEDIUM
CVE-2026-2943 — SapneshNaik Student Management System index.php cross site scripting

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of th…

Remote | Cross-Site Scripting
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
7.5 HIGH
CVE-2026-2940 — Zaher1307 tiny_web_server URL tiny.c out-of-bounds write

A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the …

Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
4.8 MEDIUM
CVE-2026-2939 — itsourcecode Student Management System Add Student add_student cross site scripting

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation re…

school_management_system student_management_system | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
7.5 HIGH
CVE-2026-2938 — SourceCodester Student Result Management System update_smtp.php access control

A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulatio…

student_result_management_system student_result_management_system | Remote | Authorization
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.3 HIGH
CVE-2026-2935 — UTT HiPER 810G ConfigExceptMSN strcpy buffer overflow

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can le…

810g_firmware 810g | Remote | Memory Corruption
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2934 — YiFang CMS Extended Management D_friendLinkGroup.php update cross site scripting

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The …

yifang yifang | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
5.3 MEDIUM
CVE-2026-2385 — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu,…

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all v…

Remote | Cryptography
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
4.8 MEDIUM
CVE-2026-2933 — YiFang CMS Extended Management D_adManage.php update cross site scripting

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulatio…

yifang yifang | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
4.8 MEDIUM
CVE-2026-2932 — YiFang CMS Extended Management D_adPosition.php update cross site scripting

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Perfo…

yifang yifang | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 24, 2026
Feb 22, 2026
Feb 24, 2026
8.8 HIGH
CVE-2026-2930 — Tenda A18 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of t…

a18_firmware a18 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
9.0 HIGH
CVE-2026-2929 — D-Link DWR-M960 Wireless Access Control Endpoint formWlAc sub_453140 stack-based overflow

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
Showing 20 of 5387 Results