Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-2200 — heyewei JFinalCMS API Endpoint save cross site scripting

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross sit…

jfinalcms | Remote | Cross-Site Scripting
Feb 09, 2026 Feb 17, 2026
Feb 09, 2026
Feb 17, 2026
9.8 CRITICAL
CVE-2026-2199 — code-projects Online Reviewer System user-delete.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. P…

online_reviewer_system | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2198 — code-projects Online Reviewer System loaddata.php sql injection

A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipu…

online_reviewer_system | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2197 — code-projects Online Reviewer System exam-delete.php sql injection

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of…

online_reviewer_system | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2196 — code-projects Online Reviewer System exam-update.php sql injection

A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulati…

online_reviewer_system | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2195 — code-projects Online Reviewer System questions-view.php sql injection

A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manip…

online_reviewer_system | Remote | Injection
Feb 09, 2026 Feb 10, 2026
Feb 09, 2026
Feb 10, 2026
8.8 HIGH
CVE-2026-2194 — D-Link DI-7100G C1 start_proxy_client_email command injection

A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely…

di-7100g_c1_firmware di-7100g_c1 | Remote | Injection
Feb 09, 2026 Feb 11, 2026
Feb 09, 2026
Feb 11, 2026
8.8 HIGH
CVE-2026-2193 — D-Link DI-7100G C1 set_jhttpd_info command injection

A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command inject…

di-7100g_c1_firmware di-7100g_c1 | Remote | Injection
Feb 08, 2026 Feb 11, 2026
Feb 08, 2026
Feb 11, 2026
8.3 HIGH
CVE-2026-2192 — Tenda AC9 formGetRebootTimer stack-based overflow

A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.star…

ac9_firmware ac9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.3 HIGH
CVE-2026-2191 — Tenda AC9 formGetDdosDefenceList stack-based overflow

A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow.…

ac9_firmware ac9 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2190 — itsourcecode School Management System controller.php sql injection

A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID resul…

school_management_system school_management_system | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2189 — itsourcecode School Management System index.php sql injection

A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql …

school_management_system school_management_system | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
8.3 HIGH
CVE-2026-2188 — UTT 进取 521G formPdbUpConfig sub_446B18 os command injection

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames c…

521g_firmware 521g | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2187 — Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow

A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in …

rx3_firmware rx3 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2186 — Tenda RX3 SetIpMacBind fromSetIpMacBind stack-based overflow

A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer…

rx3_firmware rx3 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2185 — Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based o…

A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulati…

rx3_firmware rx3 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.8 CRITICAL
CVE-2026-2184 — Great Developers Certificate Generation System csv.php os command injection

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.ph…

certificate | Remote | Injection
Feb 08, 2026 Feb 24, 2026
Feb 08, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2026-2183 — Great Developers Certificate Generation System csv.php unrestricted upload

A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv…

certificate | Remote | Misconfiguration
Feb 08, 2026 Feb 24, 2026
Feb 08, 2026
Feb 24, 2026
8.3 HIGH
CVE-2026-2182 — UTT 进取 521G setSysAdm doSystem command injection

A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to…

521g_firmware 521g | Remote | Injection
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
9.0 HIGH
CVE-2026-2181 — Tenda RX3 openSchedWifi stack-based overflow

A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument s…

rx3_firmware rx3 | Remote | Memory Corruption
Feb 08, 2026 Feb 10, 2026
Feb 08, 2026
Feb 10, 2026
Showing 20 of 5090 Results